[alsa-devel] [PATCH v3 3/3] ALSA: usb-audio: Add sanity checks in UAC3 clock parsers
Ruslan Bilovol
ruslan.bilovol at gmail.com
Fri Apr 6 10:45:18 CEST 2018
On Thu, Apr 5, 2018 at 3:11 PM, Takashi Iwai <tiwai at suse.de> wrote:
> The UAC3 clock parser codes lack of the sanity checks for malformed
> descriptors like UAC2 parser does. Without it, the driver may lead to
> a potential crash.
Reviewed-by: Ruslan Bilovol <ruslan.bilovol at gmail.com>
And also I tested this patch along with patch #1 and don't see any issue,
so feel free to add to both:
Tested-by: Ruslan Bilovol <ruslan.bilovol at gmail.com>
Thanks,
Ruslan
>
> Fixes: 9a2fe9b801f5 ("ALSA: usb: initial USB Audio Device Class 3.0 support")
> Signed-off-by: Takashi Iwai <tiwai at suse.de>
> ---
> sound/usb/clock.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/sound/usb/clock.c b/sound/usb/clock.c
> index cbf68ab01836..29b7c85635e3 100644
> --- a/sound/usb/clock.c
> +++ b/sound/usb/clock.c
> @@ -58,7 +58,7 @@ static bool validate_clock_source_v2(void *p, int id)
> static bool validate_clock_source_v3(void *p, int id)
> {
> struct uac3_clock_source_descriptor *cs = p;
> - return cs->bClockID == id;
> + return cs->bLength == sizeof(*cs) && cs->bClockID == id;
> }
>
> static bool validate_clock_selector_v2(void *p, int id)
> @@ -71,7 +71,8 @@ static bool validate_clock_selector_v2(void *p, int id)
> static bool validate_clock_selector_v3(void *p, int id)
> {
> struct uac3_clock_selector_descriptor *cs = p;
> - return cs->bClockID == id;
> + return cs->bLength >= sizeof(*cs) && cs->bClockID == id &&
> + cs->bLength == 11 + cs->bNrInPins;
> }
>
> static bool validate_clock_multiplier_v2(void *p, int id)
> @@ -83,7 +84,7 @@ static bool validate_clock_multiplier_v2(void *p, int id)
> static bool validate_clock_multiplier_v3(void *p, int id)
> {
> struct uac3_clock_multiplier_descriptor *cs = p;
> - return cs->bClockID == id;
> + return cs->bLength == sizeof(*cs) && cs->bClockID == id;
> }
>
> #define DEFINE_FIND_HELPER(name, obj, validator, type) \
> --
> 2.16.2
>
More information about the Alsa-devel
mailing list