Home| summaryrefslogtreecommitdiff |
| author | Takashi Iwai <tiwai@suse.de> | 2011-02-21 09:34:10 (GMT) |
|---|---|---|
| committer | Takashi Iwai <tiwai@suse.de> | 2011-02-21 09:34:10 (GMT) |
| commit | f6a72cca01b25188702a071aa4450fc442b8b47a (patch) (side-by-side diff) | |
| tree | 175a73fc2d8b344999a732c76b9cd1609604b8b2 | |
| parent | d991856c504fde6a982723fd4be108abb975754a (diff) | |
- ALSA: caiaq - Fix possible string-buffer overflow (bnc#672499,rpm-2.6.37.1-1.2
CVE-2011-0712).
| -rw-r--r-- | patches.drivers/alsa-01-caiaq-Fix-possible-string-buffer-overflow | 50 | ||||
| -rw-r--r-- | series.conf | 1 |
2 files changed, 51 insertions, 0 deletions
diff --git a/patches.drivers/alsa-01-caiaq-Fix-possible-string-buffer-overflow b/patches.drivers/alsa-01-caiaq-Fix-possible-string-buffer-overflow new file mode 100644 index 0000000..9a766f2 --- a/dev/null +++ b/patches.drivers/alsa-01-caiaq-Fix-possible-string-buffer-overflow @@ -0,0 +1,50 @@ +From eaae55dac6b64c0616046436b294e69fc5311581 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai <tiwai@suse.de> +Date: Mon, 14 Feb 2011 22:45:59 +0100 +Subject: [PATCH] ALSA: caiaq - Fix possible string-buffer overflow +Git-commit: eaae55dac6b64c0616046436b294e69fc5311581 +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6.git +Patch-mainline: 2.6.38-rc6 +References: bnc#672499, CVE-2011-0712 + +Use strlcpy() to assure not to overflow the string array sizes by +too long USB device name string. + +Reported-by: Rafa <rafa@mwrinfosecurity.com> +Cc: stable <stable@kernel.org> +Signed-off-by: Takashi Iwai <tiwai@suse.de> + +--- + sound/usb/caiaq/audio.c | 2 +- + sound/usb/caiaq/midi.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sound/usb/caiaq/audio.c b/sound/usb/caiaq/audio.c +index 68b9747..66eabaf 100644 +--- a/sound/usb/caiaq/audio.c ++++ b/sound/usb/caiaq/audio.c +@@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev) + } + + dev->pcm->private_data = dev; +- strcpy(dev->pcm->name, dev->product_name); ++ strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name)); + + memset(dev->sub_playback, 0, sizeof(dev->sub_playback)); + memset(dev->sub_capture, 0, sizeof(dev->sub_capture)); +diff --git a/sound/usb/caiaq/midi.c b/sound/usb/caiaq/midi.c +index 2f218c7..a1a4708 100644 +--- a/sound/usb/caiaq/midi.c ++++ b/sound/usb/caiaq/midi.c +@@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device) + if (ret < 0) + return ret; + +- strcpy(rmidi->name, device->product_name); ++ strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name)); + + rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX; + rmidi->private_data = device; +-- +1.7.3.4 + diff --git a/series.conf b/series.conf index d0bd9dc..0b5069e 100644 --- a/series.conf +++ b/series.conf @@ -588,6 +588,7 @@ # Sound ########################################################## patches.drivers/alsa-hda-0003-Add-Lenovo-vendor-quirk-for-Conexant-205xx + patches.drivers/alsa-01-caiaq-Fix-possible-string-buffer-overflow ######################################################## # Other driver fixes |