Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b7ca1a78 authored by Dan Carpenter's avatar Dan Carpenter Committed by Greg Kroah-Hartman
Browse files

ALSA: bebob: potential info leak in hwdep_read() 



commit b41c15f4e1c1f1657da15c482fa837c1b7384452 upstream.

The "count" variable needs to be capped on every path so that we don't
copy too much information to the user.

Fixes: 618eabea ("ALSA: bebob: Add hwdep interface")
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Acked-by: default avatarTakashi Sakamoto <o-takashi@sakamocchi.jp>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201007074928.GA2529578@mwanda


Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 35cc2fac

sound/firewire/bebob/bebob_hwdep.c

+1 −2
Original line number Diff line number Diff line
@@ -37,12 +37,11 @@ hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count, 
	}



	memset(&event, 0, sizeof(event));

	count = min_t(long, count, sizeof(event.lock_status));

	if (bebob->dev_lock_changed) {

		event.lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS;

		event.lock_status.status = (bebob->dev_lock_count > 0);

		bebob->dev_lock_changed = false;



		count = min_t(long, count, sizeof(event.lock_status));

	}



	spin_unlock_irq(&bebob->lock);