[PATCH] ALSA: bebob: potential info leak in hwdep_read()
Dan Carpenter
dan.carpenter at oracle.com
Wed Oct 7 09:49:28 CEST 2020
The "count" variable needs to be capped on every path so that we don't
copy too much information to the user.
Fixes: 618eabeae711 ("ALSA: bebob: Add hwdep interface")
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
---
sound/firewire/bebob/bebob_hwdep.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sound/firewire/bebob/bebob_hwdep.c b/sound/firewire/bebob/bebob_hwdep.c
index 45b740f44c45..c362eb38ab90 100644
--- a/sound/firewire/bebob/bebob_hwdep.c
+++ b/sound/firewire/bebob/bebob_hwdep.c
@@ -36,12 +36,11 @@ hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count,
}
memset(&event, 0, sizeof(event));
+ count = min_t(long, count, sizeof(event.lock_status));
if (bebob->dev_lock_changed) {
event.lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS;
event.lock_status.status = (bebob->dev_lock_count > 0);
bebob->dev_lock_changed = false;
-
- count = min_t(long, count, sizeof(event.lock_status));
}
spin_unlock_irq(&bebob->lock);
--
2.28.0
More information about the Alsa-devel
mailing list