From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Takashi Iwai <tiwai@suse.de>
Subject: [PATCH 3.10 04/19] ALSA: emu10k1: Fix card shortname string buffer overflow
Date: Mon, 11 May 2015 10:55:19 -0700
Message-ID: <20150511175453.142250811@linuxfoundation.org>
In-Reply-To: <20150511175453.015424013@linuxfoundation.org>

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <tiwai@suse.de>

commit d02260824e2cad626fb2a9d62e27006d34b6dedc upstream.

Some models provide a too long string for the shortname, which has
32 bytes including the terminator, and it results in a non-terminated
string exposed to user-space.  This isn't too critical, though, as the
string is stopped at the succeeding longname string.

This patch fixes such entries by dropping the "SB" prefix (it's enough
to fit within 32 bytes, so far).  Meanwhile, it also replaces strcpy()
with strlcpy() to make sure that this kind of problem won't happen in
the future, too.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/emu10k1/emu10k1.c      |    6 ++++--
 sound/pci/emu10k1/emu10k1_main.c |    4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

--- a/sound/pci/emu10k1/emu10k1.c
+++ b/sound/pci/emu10k1/emu10k1.c
@@ -181,8 +181,10 @@ static int snd_card_emu10k1_probe(struct
 	}
 #endif
  
-	strcpy(card->driver, emu->card_capabilities->driver);
-	strcpy(card->shortname, emu->card_capabilities->name);
+	strlcpy(card->driver, emu->card_capabilities->driver,
+		sizeof(card->driver));
+	strlcpy(card->shortname, emu->card_capabilities->name,
+		sizeof(card->shortname));
 	snprintf(card->longname, sizeof(card->longname),
 		 "%s (rev.%d, serial:0x%x) at 0x%lx, irq %i",
 		 card->shortname, emu->revision, emu->serial, emu->port, emu->irq);
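Review bot: The two strlcpy() calls in snd_card_emu10k1_probe() discard the return value, so a table entry that is too long for card->driver or card->shortname is now truncated silently, and the truncated shortname is then also what the snprintf() below puts into card->longname. strlcpy() returns the length of the source string, so comparing it against sizeof(card->shortname) and logging a warning at probe time would surface the next over-long .name instead of hiding it.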
--- a/sound/pci/emu10k1/emu10k1_main.c
+++ b/sound/pci/emu10k1/emu10k1_main.c
@@ -1411,7 +1411,7 @@ static struct snd_emu_chip_details emu_c
 	 *
 	 */
 	{.vendor = 0x1102, .device = 0x0008, .subsystem = 0x20011102,
-	 .driver = "Audigy2", .name = "SB Audigy 2 ZS Notebook [SB0530]",
+	 .driver = "Audigy2", .name = "Audigy 2 ZS Notebook [SB0530]",
 	 .id = "Audigy2",
 	 .emu10k2_chip = 1,
 	 .ca0108_chip = 1,
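Review bot: The shortened .name for the [SB0530] entry fits only because someone counted it by hand (29 characters plus the terminator against the 32-byte shortname from the changelog), and nothing in emu_chip_details stops a future entry from exceeding the limit again. A comment stating the length limit next to the .name field, or a build-time size check on the table strings, would catch this before it reaches the strlcpy() truncation in the probe path.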
@@ -1561,7 +1561,7 @@ static struct snd_emu_chip_details emu_c
 	 .adc_1361t = 1,  /* 24 bit capture instead of 16bit */
 	 .ac97_chip = 1} ,
 	{.vendor = 0x1102, .device = 0x0004, .subsystem = 0x10051102,
-	 .driver = "Audigy2", .name = "SB Audigy 2 Platinum EX [SB0280]",
+	 .driver = "Audigy2", .name = "Audigy 2 Platinum EX [SB0280]",
 	 .id = "Audigy2",
 	 .emu10k2_chip = 1,
 	 .ca0102_chip = 1,
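Review bot: Dropping the "SB " prefix from .name in the [SB0280] entry changes the shortname string that user space sees for this card, and the changelog mentions the prefix removal only as a way to fit within 32 bytes. It would help to state explicitly in the commit message that the visible card name changes for these two models, so that anyone matching on the old string in a stable update knows why it no longer matches.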


