From 7e1621de146fbed6172252f14a6a41b2c5999a93 Mon Sep 17 00:00:00 2001
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Date: Mon, 3 Apr 2017 21:13:55 +0900
Subject: ALSA: firewire-lib/bebob/oxfw: improve response evaluation for AV/C
 commands

In ALSA firewire stack, some AV/C commands are supported, including
vendor's extensions. Drivers includes response parser of each command,
according to its requirements, while the parser is written with loose
fashion in two points; error check and length check. This doesn't cause
any issues such as kernel corruption, but should be improved.

This commit modifies evaluations of return value on each parsers.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 sound/firewire/bebob/bebob_command.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

(limited to 'sound/firewire/bebob')

diff --git a/sound/firewire/bebob/bebob_command.c b/sound/firewire/bebob/bebob_command.c
index 9402cc15dbc1..f9b4225dd86f 100644
--- a/sound/firewire/bebob/bebob_command.c
+++ b/sound/firewire/bebob/bebob_command.c
@@ -31,13 +31,15 @@ int avc_audio_set_selector(struct fw_unit *unit, unsigned int subunit_id,
 	err = fcp_avc_transaction(unit, buf, 12, buf, 12,
 				  BIT(1) | BIT(2) | BIT(3) | BIT(4) | BIT(5) |
 				  BIT(6) | BIT(7) | BIT(8));
-	if (err > 0 && err < 9)
+	if (err < 0)
+		;
+	else if (err < 9)
 		err = -EIO;
 	else if (buf[0] == 0x08) /* NOT IMPLEMENTED */
 		err = -ENOSYS;
 	else if (buf[0] == 0x0a) /* REJECTED */
 		err = -EINVAL;
-	else if (err > 0)
+	else
 		err = 0;
 
 	kfree(buf);
@@ -67,7 +69,9 @@ int avc_audio_get_selector(struct fw_unit *unit, unsigned int subunit_id,
 	err = fcp_avc_transaction(unit, buf, 12, buf, 12,
 				  BIT(1) | BIT(2) | BIT(3) | BIT(4) | BIT(5) |
 				  BIT(6) | BIT(8));
-	if (err > 0 && err < 9)
+	if (err < 0)
+		;
+	else if (err < 9)
 		err = -EIO;
 	else if (buf[0] == 0x08) /* NOT IMPLEMENTED */
 		err = -ENOSYS;
@@ -120,7 +124,9 @@ int avc_bridgeco_get_plug_type(struct fw_unit *unit,
 	err = fcp_avc_transaction(unit, buf, 12, buf, 12,
 				  BIT(1) | BIT(2) | BIT(3) | BIT(4) | BIT(5) |
 				  BIT(6) | BIT(7) | BIT(9));
-	if ((err >= 0) && (err < 8))
+	if (err < 0)
+		;
+	else if (err < 11)
 		err = -EIO;
 	else if (buf[0] == 0x08) /* NOT IMPLEMENTED */
 		err = -ENOSYS;
@@ -150,7 +156,9 @@ int avc_bridgeco_get_plug_ch_pos(struct fw_unit *unit,
 	err = fcp_avc_transaction(unit, buf, 12, buf, 256,
 				  BIT(1) | BIT(2) | BIT(3) | BIT(4) |
 				  BIT(5) | BIT(6) | BIT(7) | BIT(9));
-	if ((err >= 0) && (err < 8))
+	if (err < 0)
+		;
+	else if (err < 11)
 		err = -EIO;
 	else if (buf[0] == 0x08) /* NOT IMPLEMENTED */
 		err = -ENOSYS;
@@ -187,7 +195,9 @@ int avc_bridgeco_get_plug_section_type(struct fw_unit *unit,
 	err = fcp_avc_transaction(unit, buf, 12, buf, 12,
 				  BIT(1) | BIT(2) | BIT(3) | BIT(4) | BIT(5) |
 				  BIT(6) | BIT(7) | BIT(9) | BIT(10));
-	if ((err >= 0) && (err < 8))
+	if (err < 0)
+		;
+	else if (err < 12)
 		err = -EIO;
 	else if (buf[0] == 0x08) /* NOT IMPLEMENTED */
 		err = -ENOSYS;
@@ -221,7 +231,9 @@ int avc_bridgeco_get_plug_input(struct fw_unit *unit,
 	err = fcp_avc_transaction(unit, buf, 16, buf, 16,
 				  BIT(1) | BIT(2) | BIT(3) | BIT(4) | BIT(5) |
 				  BIT(6) | BIT(7));
-	if ((err >= 0) && (err < 8))
+	if (err < 0)
+		;
+	else if (err < 16)
 		err = -EIO;
 	else if (buf[0] == 0x08) /* NOT IMPLEMENTED */
 		err = -ENOSYS;
@@ -260,7 +272,9 @@ int avc_bridgeco_get_plug_strm_fmt(struct fw_unit *unit,
 	err = fcp_avc_transaction(unit, buf, 12, buf, *len,
 				  BIT(1) | BIT(2) | BIT(3) | BIT(4) | BIT(5) |
 				  BIT(6) | BIT(7) | BIT(10));
-	if ((err >= 0) && (err < 12))
+	if (err < 0)
+		;
+	else if (err < 12)
 		err = -EIO;
 	else if (buf[0] == 0x08)        /* NOT IMPLEMENTED */
 		err = -ENOSYS;
-- 
cgit v1.2.3