]> git.karo-electronics.de Git - karo-tx-linux.git/commitdiff
ALSA: caiaq - Fix possible string-buffer overflow
authorTakashi Iwai <tiwai@suse.de>
Mon, 14 Feb 2011 21:45:59 +0000 (22:45 +0100)
committerGreg Kroah-Hartman <gregkh@suse.de>
Wed, 2 Mar 2011 14:46:51 +0000 (09:46 -0500)
commit eaae55dac6b64c0616046436b294e69fc5311581 upstream.

Use strlcpy() to assure not to overflow the string array sizes by
too long USB device name string.

Reported-by: Rafa <rafa@mwrinfosecurity.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
sound/usb/caiaq/audio.c
sound/usb/caiaq/midi.c

index 86b2c3b92df53abafa8188560c4e034ce987ea97..007b4bf56f98c060e56744dffbf0c540eae647aa 100644 (file)
@@ -639,7 +639,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev)
        }
 
        dev->pcm->private_data = dev;
-       strcpy(dev->pcm->name, dev->product_name);
+       strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name));
 
        memset(dev->sub_playback, 0, sizeof(dev->sub_playback));
        memset(dev->sub_capture, 0, sizeof(dev->sub_capture));
index 538e8c00d31aadac2c8555df958c1312051265b5..bd55649cdc71ad6c3237b517e11c02d5c4931e98 100644 (file)
@@ -135,7 +135,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device)
        if (ret < 0)
                return ret;
 
-       strcpy(rmidi->name, device->product_name);
+       strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name));
 
        rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX;
        rmidi->private_data = device;