Skip to content

Commit

Permalink
ALSA: caiaq - Fix possible string-buffer overflow
Browse files Browse the repository at this point in the history 
Use strlcpy() to assure not to overflow the string array sizes by
too long USB device name string.

Reported-by: Rafa <rafa@mwrinfosecurity.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
  • Loading branch information
Takashi Iwai committed Feb 14, 2011
1 parent 5e5677f commit eaae55d
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion sound/usb/caiaq/audio.c
View file
Original file line number Diff line number Diff line change
@@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev)
}

dev->pcm->private_data = dev;
strcpy(dev->pcm->name, dev->product_name);
strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name));

memset(dev->sub_playback, 0, sizeof(dev->sub_playback));
memset(dev->sub_capture, 0, sizeof(dev->sub_capture));
2 changes: 1 addition & 1 deletion sound/usb/caiaq/midi.c
View file
Original file line number Diff line number Diff line change
@@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device)
if (ret < 0)
return ret;

strcpy(rmidi->name, device->product_name);
strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name));

rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX;
rmidi->private_data = device;

0 comments on commit eaae55d

Please sign in to comment.