Commit eaae55da authored by Takashi Iwai's avatar Takashi Iwai

ALSA: caiaq - Fix possible string-buffer overflow

Use strlcpy() to assure not to overflow the string array sizes by
too long USB device name string.
Reported-by: default avatarRafa <rafa@mwrinfosecurity.com>
Cc: stable <stable@kernel.org>
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent 5e5677f2
...@@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev) ...@@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev)
} }
dev->pcm->private_data = dev; dev->pcm->private_data = dev;
strcpy(dev->pcm->name, dev->product_name); strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name));
memset(dev->sub_playback, 0, sizeof(dev->sub_playback)); memset(dev->sub_playback, 0, sizeof(dev->sub_playback));
memset(dev->sub_capture, 0, sizeof(dev->sub_capture)); memset(dev->sub_capture, 0, sizeof(dev->sub_capture));
......
...@@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device) ...@@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device)
if (ret < 0) if (ret < 0)
return ret; return ret;
strcpy(rmidi->name, device->product_name); strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name));
rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX; rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX;
rmidi->private_data = device; rmidi->private_data = device;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment