[PATCH] [131/275] ALSA: caiaq - Fix possible string-buffer overflow
From: Andi Kleen
Date: Wed Mar 30 2011 - 17:08:00 EST
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@xxxxxxx>
commit eaae55dac6b64c0616046436b294e69fc5311581 upstream.
Use strlcpy() to assure not to overflow the string array sizes by
too long USB device name string.
Reported-by: Rafa <rafa@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
Signed-off-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>
---
sound/usb/caiaq/audio.c | 2 +-
sound/usb/caiaq/midi.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/sound/usb/caiaq/audio.c
===================================================================
--- linux-2.6.35.y.orig/sound/usb/caiaq/audio.c 2011-03-29 22:51:15.343330571 -0700
+++ linux-2.6.35.y/sound/usb/caiaq/audio.c 2011-03-29 23:03:01.006274422 -0700
@@ -640,7 +640,7 @@
}
dev->pcm->private_data = dev;
- strcpy(dev->pcm->name, dev->product_name);
+ strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name));
memset(dev->sub_playback, 0, sizeof(dev->sub_playback));
memset(dev->sub_capture, 0, sizeof(dev->sub_capture));
Index: linux-2.6.35.y/sound/usb/caiaq/midi.c
===================================================================
--- linux-2.6.35.y.orig/sound/usb/caiaq/midi.c 2011-03-29 22:51:15.342330597 -0700
+++ linux-2.6.35.y/sound/usb/caiaq/midi.c 2011-03-29 23:03:01.007274396 -0700
@@ -136,7 +136,7 @@
if (ret < 0)
return ret;
- strcpy(rmidi->name, device->product_name);
+ strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name));
rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX;
rmidi->private_data = device;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/