2.6.37-stable review patch. If anyone has any objections, please let us know.
------------------ From: Takashi Iwai <[email protected]> commit eaae55dac6b64c0616046436b294e69fc5311581 upstream. Use strlcpy() to assure not to overflow the string array sizes by too long USB device name string. Reported-by: Rafa <[email protected]> Signed-off-by: Takashi Iwai <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- sound/usb/caiaq/audio.c | 2 +- sound/usb/caiaq/midi.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/sound/usb/caiaq/audio.c +++ b/sound/usb/caiaq/audio.c @@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_ } dev->pcm->private_data = dev; - strcpy(dev->pcm->name, dev->product_name); + strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name)); memset(dev->sub_playback, 0, sizeof(dev->sub_playback)); memset(dev->sub_capture, 0, sizeof(dev->sub_capture)); --- a/sound/usb/caiaq/midi.c +++ b/sound/usb/caiaq/midi.c @@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_u if (ret < 0) return ret; - strcpy(rmidi->name, device->product_name); + strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name)); rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX; rmidi->private_data = device; _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
