Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eaae55da authored Feb 14, 2011 by Takashi Iwai

ALSA: caiaq - Fix possible string-buffer overflow



Use strlcpy() to assure not to overflow the string array sizes by
too long USB device name string.

Reported-by: Rafa <rafa@mwrinfosecurity.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

parent 5e5677f2

sound/usb/caiaq/audio.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev)
		}

		dev->pcm->private_data = dev;
		strcpy(dev->pcm->name, dev->product_name);
		strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name));

		memset(dev->sub_playback, 0, sizeof(dev->sub_playback));
		memset(dev->sub_capture, 0, sizeof(dev->sub_capture));

sound/usb/caiaq/midi.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device)
		if (ret < 0)
		return ret;

		strcpy(rmidi->name, device->product_name);
		strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name));

		rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX;
		rmidi->private_data = device;