summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2011-02-14 22:45:59 +0100
committerTakashi Iwai <tiwai@suse.de>2011-02-14 22:50:46 +0100
commiteaae55dac6b64c0616046436b294e69fc5311581 (patch)
tree3d43cd10661ee35d7feaed84e6aa77595d476523
parent5e5677f239ba69fc718ec9a87ac4ba035dafe2c0 (diff)
downloadlinux-eaae55dac6b64c0616046436b294e69fc5311581.tar.bz2
ALSA: caiaq - Fix possible string-buffer overflow
Use strlcpy() to assure not to overflow the string array sizes by too long USB device name string. Reported-by: Rafa <rafa@mwrinfosecurity.com> Cc: stable <stable@kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-rw-r--r--sound/usb/caiaq/audio.c2
-rw-r--r--sound/usb/caiaq/midi.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/sound/usb/caiaq/audio.c b/sound/usb/caiaq/audio.c
index 68b97477577b..66eabafb1c24 100644
--- a/sound/usb/caiaq/audio.c
+++ b/sound/usb/caiaq/audio.c
@@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev)
}
dev->pcm->private_data = dev;
- strcpy(dev->pcm->name, dev->product_name);
+ strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name));
memset(dev->sub_playback, 0, sizeof(dev->sub_playback));
memset(dev->sub_capture, 0, sizeof(dev->sub_capture));
diff --git a/sound/usb/caiaq/midi.c b/sound/usb/caiaq/midi.c
index 2f218c77fff2..a1a47088fd0c 100644
--- a/sound/usb/caiaq/midi.c
+++ b/sound/usb/caiaq/midi.c
@@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device)
if (ret < 0)
return ret;
- strcpy(rmidi->name, device->product_name);
+ strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name));
rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX;
rmidi->private_data = device;