| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aEl_0XoK4Q__MOVU@stanley.mountain> Date: Wed, 11 Jun 2025 16:08:33 +0300 From: Dan Carpenter <dan.carpenter@...aro.org> To: Jaroslav Kysela <perex@...ex.cz> Cc: Takashi Iwai <tiwai@...e.com>, Lucy Thrun <lucy.thrun@...ital-rabbithole.de>, linux-sound@...r.kernel.org, linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org Subject: [PATCH] ALSA: hda/ca0132: use snprintf() for kernel hardenning In this sprintf(): sprintf(namestr, "%s %s Volume", name, dirstr[dir]); Then "namestr" and "name" buffer are both SNDRV_CTL_ELEM_ID_NAME_MAXLEN (44) characters long. We never actually use that full amount in real life so everything works fine, but static checkers complain that if name is 44 characters then when you combine that with the other strings it will lead to a buffer overflow. Using snprintf() silences the warning and makes the code a little bit safer for the future. Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org> --- sound/pci/hda/patch_ca0132.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c index cfe422a79703..5815552cbf89 100644 --- a/sound/pci/hda/patch_ca0132.c +++ b/sound/pci/hda/patch_ca0132.c @@ -4409,7 +4410,7 @@ static int add_tuning_control(struct hda_codec *codec, } knew.private_value = HDA_COMPOSE_AMP_VAL(nid, 1, 0, type); - sprintf(namestr, "%s %s Volume", name, dirstr[dir]); + snprintf(namestr, sizeof(namestr), "%s %s Volume", name, dirstr[dir]); return snd_hda_ctl_add(codec, nid, snd_ctl_new1(&knew, codec)); } -- 2.47.2
Powered by blists - more mailing lists