[kernel] r17909 - in dists/lenny-security/linux-2.6/debian/patches: bugfix/all series
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Aug 11 18:40:22 UTC 2011
Author: jmm
Date: Thu Aug 11 18:40:21 2011
New Revision: 17909
Log:
CVE-2011-0712 for Lenny
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/alsa-caiaq-fix-possible-string-buffer-overflow.patch
Modified:
dists/lenny-security/linux-2.6/debian/patches/series/26lenny4
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/alsa-caiaq-fix-possible-string-buffer-overflow.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/alsa-caiaq-fix-possible-string-buffer-overflow.patch Thu Aug 11 18:40:21 2011 (r17909)
@@ -0,0 +1,43 @@
+From: Takashi Iwai <tiwai at suse.de>
+Date: Mon, 14 Feb 2011 21:45:59 +0000 (+0100)
+Subject: ALSA: caiaq - Fix possible string-buffer overflow
+X-Git-Tag: v2.6.38-rc6~15^2~3
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=eaae55dac6b64c0616046436b294e69fc5311581
+
+ALSA: caiaq - Fix possible string-buffer overflow
+
+Use strlcpy() to assure not to overflow the string array sizes by
+too long USB device name string.
+
+Reported-by: Rafa <rafa at mwrinfosecurity.com>
+Cc: stable <stable at kernel.org>
+Signed-off-by: Takashi Iwai <tiwai at suse.de>
+[adapted to 2.6.26 - jmm]
+---
+
+diff --git a/sound/usb/caiaq/audio.c b/sound/usb/caiaq/audio.c
+index 68b9747..66eabaf 100644
+--- a/sound/usb/caiaq/audio.c
++++ b/sound/usb/caiaq/caiaq-audio.c
+@@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev)
+ }
+
+ dev->pcm->private_data = dev;
+- strcpy(dev->pcm->name, dev->product_name);
++ strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name));
+
+ memset(dev->sub_playback, 0, sizeof(dev->sub_playback));
+ memset(dev->sub_capture, 0, sizeof(dev->sub_capture));
+diff --git a/sound/usb/caiaq/midi.c b/sound/usb/caiaq/midi.c
+index 2f218c7..a1a4708 100644
+--- a/sound/usb/caiaq/midi.c
++++ b/sound/usb/caiaq/caiaq-midi.c
+@@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device)
+ if (ret < 0)
+ return ret;
+
+- strcpy(rmidi->name, device->product_name);
++ strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name));
+
+ rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX;
+ rmidi->private_data = device;
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny4
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny4 Thu Aug 11 18:29:28 2011 (r17908)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny4 Thu Aug 11 18:40:21 2011 (r17909)
@@ -2,6 +2,7 @@
+ bugfix/all/alpha-fix-several-security-issues.patch
+ bugfix/all/fix-inet_diag_bc_audit.patch
+ bugfix/all/CVE-2011-2492.patch
++ bugfix/all/alsa-caiaq-fix-possible-string-buffer-overflow.patch
More information about the Kernel-svn-changes
mailing list