| Submitter | Leann Ogasawara |
|---|---|
| Date | April 22, 2011, 8:12 p.m. |
| Message ID | <1303503173.2050.31.camel@emiko> |
| Download | mbox | patch |
| Permalink | /patch/92581/ |
| State | New |
| Headers | show |
Pull-request
git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0712Comments
On 04/22/2011 01:12 PM, Leann Ogasawara wrote: > The following changes since commit a9db1134ee83026cf7ff4e192785c436d4573bad: > Steve Conklin (1): > UBUNTU: Ubuntu-2.6.24-29.89 > > are available in the git repository at: > > git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0712 > > Takashi Iwai (1): > ALSA: caiaq - Fix possible string-buffer overflow, CVE-2011-0712 > > sound/usb/caiaq/caiaq-audio.c | 2 +- > sound/usb/caiaq/caiaq-device.c | 4 ++-- > sound/usb/caiaq/caiaq-midi.c | 2 +- > 3 files changed, 4 insertions(+), 4 deletions(-) > > From 211f02c1eadb3c00bc59a20fdf24e9ac8a026326 Mon Sep 17 00:00:00 2001 > From: Takashi Iwai<tiwai@suse.de> > Date: Mon, 14 Feb 2011 22:45:59 +0100 > Subject: [PATCH] ALSA: caiaq - Fix possible string-buffer overflow, CVE-2011-0712 > > BugLink: http://bugs.launchpad.net/bugs/768448 > > CVE-2011-0712 > > Use strlcpy() to assure not to overflow the string array sizes by > too long USB device name string. > > Reported-by: Rafa<rafa@mwrinfosecurity.com> > Cc: stable<stable@kernel.org> > Signed-off-by: Takashi Iwai<tiwai@suse.de> > (backported from upstream commit eaae55dac6b64c0616046436b294e69fc5311581) > > Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com> > --- > sound/usb/caiaq/caiaq-audio.c | 2 +- > sound/usb/caiaq/caiaq-device.c | 4 ++-- > sound/usb/caiaq/caiaq-midi.c | 2 +- > 3 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/sound/usb/caiaq/caiaq-audio.c b/sound/usb/caiaq/caiaq-audio.c > index 0666908..5e1aeac 100644 > --- a/sound/usb/caiaq/caiaq-audio.c > +++ b/sound/usb/caiaq/caiaq-audio.c > @@ -636,7 +636,7 @@ int __devinit snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev) > } > > dev->pcm->private_data = dev; > - strcpy(dev->pcm->name, dev->product_name); > + strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name)); > > memset(dev->sub_playback, 0, sizeof(dev->sub_playback)); > memset(dev->sub_capture, 0, sizeof(dev->sub_capture)); > diff --git a/sound/usb/caiaq/caiaq-device.c b/sound/usb/caiaq/caiaq-device.c > index 58af814..78b74c3 100644 > --- a/sound/usb/caiaq/caiaq-device.c > +++ b/sound/usb/caiaq/caiaq-device.c > @@ -361,8 +361,8 @@ static int init_card(struct snd_usb_caiaqdev *dev) > if (c) > *c = '\0'; > > - strcpy(card->driver, MODNAME); > - strcpy(card->shortname, dev->product_name); > + strlcpy(card->driver, MODNAME, sizeof(card->driver)); > + strlcpy(card->shortname, dev->product_name, sizeof(card->shortname)); > > len = snprintf(card->longname, sizeof(card->longname), > "%s %s (serial %s, ", > diff --git a/sound/usb/caiaq/caiaq-midi.c b/sound/usb/caiaq/caiaq-midi.c > index 793ca20..1c14ba9 100644 > --- a/sound/usb/caiaq/caiaq-midi.c > +++ b/sound/usb/caiaq/caiaq-midi.c > @@ -137,7 +137,7 @@ int __devinit snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device) > if (ret< 0) > return ret; > > - strcpy(rmidi->name, device->product_name); > + strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name)); > > rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX; > rmidi->private_data = device; Acked-by: Brad Figg <brad.figg@canonical.com>
On 04/22/2011 02:12 PM, Leann Ogasawara wrote: > The following changes since commit a9db1134ee83026cf7ff4e192785c436d4573bad: > Steve Conklin (1): > UBUNTU: Ubuntu-2.6.24-29.89 > > are available in the git repository at: > > git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0712 > > Takashi Iwai (1): > ALSA: caiaq - Fix possible string-buffer overflow, CVE-2011-0712 > > sound/usb/caiaq/caiaq-audio.c | 2 +- > sound/usb/caiaq/caiaq-device.c | 4 ++-- > sound/usb/caiaq/caiaq-midi.c | 2 +- > 3 files changed, 4 insertions(+), 4 deletions(-) > > From 211f02c1eadb3c00bc59a20fdf24e9ac8a026326 Mon Sep 17 00:00:00 2001 > From: Takashi Iwai<tiwai@suse.de> > Date: Mon, 14 Feb 2011 22:45:59 +0100 > Subject: [PATCH] ALSA: caiaq - Fix possible string-buffer overflow, CVE-2011-0712 > > BugLink: http://bugs.launchpad.net/bugs/768448 > > CVE-2011-0712 > > Use strlcpy() to assure not to overflow the string array sizes by > too long USB device name string. > > Reported-by: Rafa<rafa@mwrinfosecurity.com> > Cc: stable<stable@kernel.org> > Signed-off-by: Takashi Iwai<tiwai@suse.de> > (backported from upstream commit eaae55dac6b64c0616046436b294e69fc5311581) > > Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com> > --- > sound/usb/caiaq/caiaq-audio.c | 2 +- > sound/usb/caiaq/caiaq-device.c | 4 ++-- > sound/usb/caiaq/caiaq-midi.c | 2 +- > 3 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/sound/usb/caiaq/caiaq-audio.c b/sound/usb/caiaq/caiaq-audio.c > index 0666908..5e1aeac 100644 > --- a/sound/usb/caiaq/caiaq-audio.c > +++ b/sound/usb/caiaq/caiaq-audio.c > @@ -636,7 +636,7 @@ int __devinit snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev) > } > > dev->pcm->private_data = dev; > - strcpy(dev->pcm->name, dev->product_name); > + strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name)); > > memset(dev->sub_playback, 0, sizeof(dev->sub_playback)); > memset(dev->sub_capture, 0, sizeof(dev->sub_capture)); > diff --git a/sound/usb/caiaq/caiaq-device.c b/sound/usb/caiaq/caiaq-device.c > index 58af814..78b74c3 100644 > --- a/sound/usb/caiaq/caiaq-device.c > +++ b/sound/usb/caiaq/caiaq-device.c > @@ -361,8 +361,8 @@ static int init_card(struct snd_usb_caiaqdev *dev) > if (c) > *c = '\0'; > > - strcpy(card->driver, MODNAME); > - strcpy(card->shortname, dev->product_name); > + strlcpy(card->driver, MODNAME, sizeof(card->driver)); > + strlcpy(card->shortname, dev->product_name, sizeof(card->shortname)); > > len = snprintf(card->longname, sizeof(card->longname), > "%s %s (serial %s, ", > diff --git a/sound/usb/caiaq/caiaq-midi.c b/sound/usb/caiaq/caiaq-midi.c > index 793ca20..1c14ba9 100644 > --- a/sound/usb/caiaq/caiaq-midi.c > +++ b/sound/usb/caiaq/caiaq-midi.c > @@ -137,7 +137,7 @@ int __devinit snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device) > if (ret< 0) > return ret; > > - strcpy(rmidi->name, device->product_name); > + strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name)); > > rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX; > rmidi->private_data = device; Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 04/22/2011 02:12 PM, Leann Ogasawara wrote: > git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0712 > applied
Patch
diff --git a/sound/usb/caiaq/caiaq-audio.c b/sound/usb/caiaq/caiaq-audio.c index 0666908..5e1aeac 100644 --- a/sound/usb/caiaq/caiaq-audio.c +++ b/sound/usb/caiaq/caiaq-audio.c @@ -636,7 +636,7 @@ int __devinit snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev) } dev->pcm->private_data = dev; - strcpy(dev->pcm->name, dev->product_name); + strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name)); memset(dev->sub_playback, 0, sizeof(dev->sub_playback)); memset(dev->sub_capture, 0, sizeof(dev->sub_capture)); diff --git a/sound/usb/caiaq/caiaq-device.c b/sound/usb/caiaq/caiaq-device.c index 58af814..78b74c3 100644 --- a/sound/usb/caiaq/caiaq-device.c +++ b/sound/usb/caiaq/caiaq-device.c @@ -361,8 +361,8 @@ static int init_card(struct snd_usb_caiaqdev *dev) if (c) *c = '\0'; - strcpy(card->driver, MODNAME); - strcpy(card->shortname, dev->product_name); + strlcpy(card->driver, MODNAME, sizeof(card->driver)); + strlcpy(card->shortname, dev->product_name, sizeof(card->shortname)); len = snprintf(card->longname, sizeof(card->longname), "%s %s (serial %s, ", diff --git a/sound/usb/caiaq/caiaq-midi.c b/sound/usb/caiaq/caiaq-midi.c index 793ca20..1c14ba9 100644 --- a/sound/usb/caiaq/caiaq-midi.c +++ b/sound/usb/caiaq/caiaq-midi.c @@ -137,7 +137,7 @@ int __devinit snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device) if (ret < 0) return ret; - strcpy(rmidi->name, device->product_name); + strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name)); rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX; rmidi->private_data = device;
The following changes since commit a9db1134ee83026cf7ff4e192785c436d4573bad: Steve Conklin (1): UBUNTU: Ubuntu-2.6.24-29.89 are available in the git repository at: git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0712 Takashi Iwai (1): ALSA: caiaq - Fix possible string-buffer overflow, CVE-2011-0712 sound/usb/caiaq/caiaq-audio.c | 2 +- sound/usb/caiaq/caiaq-device.c | 4 ++-- sound/usb/caiaq/caiaq-midi.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) From 211f02c1eadb3c00bc59a20fdf24e9ac8a026326 Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai@suse.de> Date: Mon, 14 Feb 2011 22:45:59 +0100 Subject: [PATCH] ALSA: caiaq - Fix possible string-buffer overflow, CVE-2011-0712 BugLink: http://bugs.launchpad.net/bugs/768448 CVE-2011-0712 Use strlcpy() to assure not to overflow the string array sizes by too long USB device name string. Reported-by: Rafa <rafa@mwrinfosecurity.com> Cc: stable <stable@kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> (backported from upstream commit eaae55dac6b64c0616046436b294e69fc5311581) Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com> --- sound/usb/caiaq/caiaq-audio.c | 2 +- sound/usb/caiaq/caiaq-device.c | 4 ++-- sound/usb/caiaq/caiaq-midi.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-)