ALSA: caiaq - Fix possible string-buffer overflow

Use strlcpy() to assure not to overflow the string array sizes by too long USB device name string. Reported-by: N Rafa <rafa@mwrinfosecurity.com> Cc: stable <stable@kernel.org> Signed-off-by: N Takashi Iwai <tiwai@suse.de>

ALSA: caiaq - Fix possible string-buffer overflow
Use strlcpy() to assure not to overflow the string array sizes by too long USB device name string. Reported-by: N Rafa <rafa@mwrinfosecurity.com> Cc: stable <stable@kernel.org> Signed-off-by: N Takashi Iwai <tiwai@suse.de>
eaae55da · Takashi Iwai · 5e5677f2 · eaae55da · eaae55da
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

sound/usb/caiaq/audio.c sound/usb/caiaq/audio.c +1 -1

sound/usb/caiaq/midi.c sound/usb/caiaq/midi.c +1 -1

未找到文件。
--- a/sound/usb/caiaq/audio.c
+++ b/sound/usb/caiaq/audio.c
@@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev)
 	}

 	dev->pcm->private_data = dev;
-	strcpy(dev->pcm->name, dev->product_name);
+	strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name));

 	memset(dev->sub_playback, 0, sizeof(dev->sub_playback));
 	memset(dev->sub_capture, 0, sizeof(dev->sub_capture));

--- a/sound/usb/caiaq/midi.c
+++ b/sound/usb/caiaq/midi.c
@@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device)
 	if (ret < 0)
 		return ret;

-	strcpy(rmidi->name, device->product_name);
+	strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name));

 	rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX;
 	rmidi->private_data = device;