[kernel] r16951 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/series

Ben Hutchings benh at alioth.debian.org
Mon Feb 28 04:34:23 UTC 2011 

Author: benh
Date: Mon Feb 28 04:34:16 2011
New Revision: 16951

Log:
ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712)

Added:
   dists/squeeze/linux-2.6/debian/patches/bugfix/all/ALSA-caiaq-Fix-possible-string-buffer-overflow.patch
Modified:
   dists/squeeze/linux-2.6/debian/changelog
   dists/squeeze/linux-2.6/debian/patches/series/31

Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog	Mon Feb 28 04:19:00 2011	(r16950)
+++ dists/squeeze/linux-2.6/debian/changelog	Mon Feb 28 04:34:16 2011	(r16951)
@@ -34,6 +34,7 @@
   * af_unix: Limit recursion level of passing sockets through sockets
     (variant of CVE-2010-4249)
   * iowarrior: Don't trust report_size for buffer size (CVE-2010-4656)
+  * ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712)
 
   [ dann frazier ]
   * xfs: fix information leak using stale NFS handle (CVE-2010-2943)

Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/ALSA-caiaq-Fix-possible-string-buffer-overflow.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/ALSA-caiaq-Fix-possible-string-buffer-overflow.patch	Mon Feb 28 04:34:16 2011	(r16951)
@@ -0,0 +1,46 @@
+From: Takashi Iwai <tiwai at suse.de>
+Date: Mon, 14 Feb 2011 22:45:59 +0100
+Subject: [PATCH] ALSA: caiaq - Fix possible string-buffer overflow
+
+commit eaae55dac6b64c0616046436b294e69fc5311581 upstream.
+
+Use strlcpy() to assure not to overflow the string array sizes by
+too long USB device name string.
+
+Reported-by: Rafa <rafa at mwrinfosecurity.com>
+Cc: stable <stable at kernel.org>
+Signed-off-by: Takashi Iwai <tiwai at suse.de>
+---
+ sound/usb/caiaq/audio.c |    2 +-
+ sound/usb/caiaq/midi.c  |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sound/usb/caiaq/audio.c b/sound/usb/caiaq/audio.c
+index 68b9747..66eabaf 100644
+--- a/sound/usb/caiaq/audio.c
++++ b/sound/usb/caiaq/audio.c
+@@ -785,7 +785,7 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *dev)
+ 	}
+ 
+ 	dev->pcm->private_data = dev;
+-	strcpy(dev->pcm->name, dev->product_name);
++	strlcpy(dev->pcm->name, dev->product_name, sizeof(dev->pcm->name));
+ 
+ 	memset(dev->sub_playback, 0, sizeof(dev->sub_playback));
+ 	memset(dev->sub_capture, 0, sizeof(dev->sub_capture));
+diff --git a/sound/usb/caiaq/midi.c b/sound/usb/caiaq/midi.c
+index 2f218c7..a1a4708 100644
+--- a/sound/usb/caiaq/midi.c
++++ b/sound/usb/caiaq/midi.c
+@@ -136,7 +136,7 @@ int snd_usb_caiaq_midi_init(struct snd_usb_caiaqdev *device)
+ 	if (ret < 0)
+ 		return ret;
+ 
+-	strcpy(rmidi->name, device->product_name);
++	strlcpy(rmidi->name, device->product_name, sizeof(rmidi->name));
+ 
+ 	rmidi->info_flags = SNDRV_RAWMIDI_INFO_DUPLEX;
+ 	rmidi->private_data = device;
+-- 
+1.7.4.1
+

Modified: dists/squeeze/linux-2.6/debian/patches/series/31
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/31	Mon Feb 28 04:19:00 2011	(r16950)
+++ dists/squeeze/linux-2.6/debian/patches/series/31	Mon Feb 28 04:34:16 2011	(r16951)
@@ -39,3 +39,4 @@
 + bugfix/all/af_unix-limit-recursion-level.patch
 + debian/af_unix-Avoid-ABI-change-from-introduction-of-recursion-limit.patch
 + bugfix/all/usb-iowarrior-don-t-trust-report_size-for-buffer-siz.patch
++ bugfix/all/ALSA-caiaq-Fix-possible-string-buffer-overflow.patch

More information about the Kernel-svn-changes mailing list