lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bf8a9353319566624f653531b80e5caf3d346ba1.1711176700.git.christophe.jaillet@wanadoo.fr>
Date: Sat, 23 Mar 2024 07:57:03 +0100
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: gregkh@...uxfoundation.org,
	jbrunet@...libre.com,
	ruslan.bilovol@...il.com
Cc: linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	kernel-janitors@...r.kernel.org,
	Christophe JAILLET <christophe.jaillet@...adoo.fr>
Subject: [PATCH 1/3] usb: gadget: u_audio: Fix the size of a buffer in a strscpy() call

The size given to strscpy() is not consistent with the destination buffer
that is used. The size is related to 'driver' and the buffer is
'mixername'.

sizeof(card->mixername) is 80 and sizeof(card->driver) is 16, so in
theory this could lead to unneeded string truncation.

In practice, this is not the case because g_audio_setup() has only 2
callers. 'card_name' is either "UAC1_Gadget" or "UAC2_Gadget".

Anyway, using the correct size is cleaner and more future proof.

In order to be less verbose, use the new 2-argument version of strscpy()
which computes auto-magically the size of the destination.

Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
---
Compile tested only.

As this doesn't fix anything in the real world, no Fixes tag is provided.
Should one not agree with me, it is:
Fixes: e89bb4288378 ("usb: gadget: u_audio: add real feedback implementation")
---
 drivers/usb/gadget/function/u_audio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/gadget/function/u_audio.c b/drivers/usb/gadget/function/u_audio.c
index 4a42574b4a7f..00ff623b4ebb 100644
--- a/drivers/usb/gadget/function/u_audio.c
+++ b/drivers/usb/gadget/function/u_audio.c
@@ -1257,7 +1257,7 @@ int g_audio_setup(struct g_audio *g_audio, const char *pcm_name,
 	if ((c_chmask && g_audio->in_ep_fback)
 			|| (p_chmask && params->p_fu.id)
 			|| (c_chmask && params->c_fu.id))
-		strscpy(card->mixername, card_name, sizeof(card->driver));
+		strscpy(card->mixername, card_name);
 
 	if (c_chmask && g_audio->in_ep_fback) {
 		kctl = snd_ctl_new1(&u_audio_controls[UAC_FBACK_CTRL],
-- 
2.44.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ