I spotted this while reading code a few weeks ago, and I ran it through
the Ubuntu security team just to be sure.
They decided it was not needing any security embargo or similar, so here
comes the patch.
--
David Henningsson, Canonical Ltd.
http://launchpad.net/~diwic
>From 3333d9bb8d8f9cc95f9dbf68d0a703a4e832a948 Mon Sep 17 00:00:00 2001
From: David Henningsson <david.henningsson@xxxxxxxxxxxxx>
Date: Wed, 8 Dec 2010 11:06:59 +0100
Subject: [PATCH] Fix possible sprintf overrun in snd_pcm_hw_open
BugLink: http://launchpad.net/bugs/668487
Possible buffer overrun if the number of "card" and "device"
are absurdly high, especially on 64-bit platforms.
Signed-off-by: David Henningsson <david.henningsson@xxxxxxxxxxxxx>
---
src/pcm/pcm_hw.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/pcm/pcm_hw.c b/src/pcm/pcm_hw.c
index 9d243d5..ce74ad4 100644
--- a/src/pcm/pcm_hw.c
+++ b/src/pcm/pcm_hw.c
@@ -1270,7 +1270,7 @@ int snd_pcm_hw_open(snd_pcm_t **pcmp, const char *name,
SNDERR("invalid stream %d", stream);
return -EINVAL;
}
- sprintf(filename, filefmt, card, device);
+ snprintf(filename, sizeof(filename), filefmt, card, device);
__again:
if (attempt++ > 3) {
--
1.7.1
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
