Home Home > GIT Browse > SLE15
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2011-02-21 10:34:10 +0100
committerTakashi Iwai <tiwai@suse.de>2011-02-21 10:34:10 +0100
commitf6a72cca01b25188702a071aa4450fc442b8b47a (patch)
tree175a73fc2d8b344999a732c76b9cd1609604b8b2
parentd991856c504fde6a982723fd4be108abb975754a (diff)
CVE-2011-0712).
-rw-r--r--patches.drivers/alsa-01-caiaq-Fix-possible-string-buffer-overflow50
-rw-r--r--series.conf1
2 files changed, 51 insertions, 0 deletions
diff --git a/patches.drivers/alsa-01-caiaq-Fix-possible-string-buffer-overflow b/patches.drivers/alsa-01-caiaq-Fix-possible-string-buffer-overflow
new file mode 100644
index 0000000000..9a766f227c
--- /dev/null
+++ b/patches.drivers/alsa-01-caiaq-Fix-possible-string-buffer-overflow
@@ -0,0 +1,50 @@
+From eaae55dac6b64c0616046436b294e69fc5311581 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 14 Feb 2011 22:45:59 +0100
+Subject: [PATCH] ALSA: caiaq - Fix possible string-buffer overflow
+Git-commit: eaae55dac6b64c0616046436b294e69fc5311581
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6.git
+Patch-mainline: 2.6.38-rc6
+References: bnc#672499, CVE-2011-0712
+
+Use strlcpy() to assure not to overflow the string array sizes by
+too long USB device name string.
+
+Reported-by: Rafa <rafa@mwrinfosecurity.com>
+Cc: stable <stable@kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ sound/usb/caiaq/audio.c | 2 +-
+ sound/usb/caiaq/midi.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sound/usb/caiaq/audio.c b/sound/usb/caiaq/audio.c
+index 68b9747..66eabaf 100644
+--- a/sound/usb/caiaq/audio.c
++++ b/sound/usb/caiaq/audio.c
+@@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev)
+ }
+
+ dev->pcm->private_data = dev;
+- strcpy(dev->pcm->name, dev->product_name);
++ strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name));
+
+ memset(dev->sub_playback, 0, sizeof(dev->sub_playback));
+ memset(dev->sub_capture, 0, sizeof(dev->sub_capture));
+diff --git a/sound/usb/caiaq/midi.c b/sound/usb/caiaq/midi.c
+index 2f218c7..a1a4708 100644
+--- a/sound/usb/caiaq/midi.c
++++ b/sound/usb/caiaq/midi.c
+@@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device)
+ if (ret < 0)
+ return ret;
+
+- strcpy(rmidi->name, device->product_name);
++ strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name));
+
+ rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX;
+ rmidi->private_data = device;
+--
+1.7.3.4
+
diff --git a/series.conf b/series.conf
index d0bd9dcdb3..0b5069e9f3 100644
--- a/series.conf
+++ b/series.conf
@@ -588,6 +588,7 @@
# Sound
##########################################################
patches.drivers/alsa-hda-0003-Add-Lenovo-vendor-quirk-for-Conexant-205xx
+ patches.drivers/alsa-01-caiaq-Fix-possible-string-buffer-overflow
########################################################
# Other driver fixes