| From 6e13e3cdbf4ebc9465199bd9ffd537af4ae4eee5 Mon Sep 17 00:00:00 2001 |
| From: Takashi Iwai <tiwai@suse.de> |
| Date: Mon, 14 Feb 2011 22:45:59 +0100 |
| Subject: [PATCH] ALSA: caiaq - Fix possible string-buffer overflow |
| |
| commit eaae55dac6b64c0616046436b294e69fc5311581 upstream |
| |
| Use strlcpy() to assure not to overflow the string array sizes by |
| too long USB device name string. |
| |
| Reported-by: Rafa <rafa@mwrinfosecurity.com> |
| Signed-off-by: Takashi Iwai <tiwai@suse.de> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/sound/usb/caiaq/audio.c b/sound/usb/caiaq/audio.c |
| index 4328cad..a184e91 100644 |
| --- a/sound/usb/caiaq/audio.c |
| +++ b/sound/usb/caiaq/audio.c |
| @@ -640,7 +640,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev) |
| } |
| |
| dev->pcm->private_data = dev; |
| - strcpy(dev->pcm->name, dev->product_name); |
| + strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name)); |
| |
| memset(dev->sub_playback, 0, sizeof(dev->sub_playback)); |
| memset(dev->sub_capture, 0, sizeof(dev->sub_capture)); |
| diff --git a/sound/usb/caiaq/midi.c b/sound/usb/caiaq/midi.c |
| index 2f218c7..a1a4708 100644 |
| --- a/sound/usb/caiaq/midi.c |
| +++ b/sound/usb/caiaq/midi.c |
| @@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device) |
| if (ret < 0) |
| return ret; |
| |
| - strcpy(rmidi->name, device->product_name); |
| + strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name)); |
| |
| rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX; |
| rmidi->private_data = device; |
| -- |
| 1.7.4.4 |
| |