On Sat, 05 May 2018 20:38:03 +0200,
Wenwen Wang wrote:
>
> In snd_ctl_elem_add_compat(), the fields of the struct 'data' need to be
> copied from the corresponding fields of the struct 'data32' in userspace.
> This is achieved by invoking the copy_from_user() and get_user() functions. The
> problem here is that the 'type' field is copied twice: once by
> copy_from_user() and once by get_user(). Given that the 'type' field is
> not used between the two copies, the second copy is *completely* redundant
> and should be removed for better performance and cleanup. Also, these two
> copies can cause inconsistent data: since the struct 'data32' resides in
> userspace, a malicious userspace process can race to change the 'type'
> field between the two copies and cause inconsistent data. Depending on how
> the data is used in the future, such an inconsistency may cause potential
> security risks.
>
> For the above reasons, we should take out the second copy.
>
> Signed-off-by: Wenwen Wang <wang6495@xxxxxxx>

Applied now, thanks.


Takashi
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
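The double-fetch pattern the patch removes, shown as an added userspace model that is not the kernel's code and not part of the thread above. The structures, field names, the fake_copy_from_user()/fake_get_user32() stand-ins and the race_hook callback are all constructed for illustration: the hook stands in for a second thread in the same process that writes to the struct during the window between the two fetches, so the race is deterministic and the effect can be checked. handle_double_fetch() mirrors the pre-patch shape (whole struct copied, then 'type' fetched again); handle_single_fetch() mirrors the post-patch shape (one copy, all later uses read the kernel copy).

```c
/* Added example: a userspace model of a kernel double fetch from user memory.
 * Not ALSA code. Struct layouts, names and the race hook are constructed. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the compat structure living in userspace;
 * only the fields that matter for the example are kept. */
struct elem_info32 {
    int32_t type;
    int32_t count;
};

/* Constructed stand-in for the kernel-side structure it is converted into. */
struct elem_info {
    int32_t type;
    int32_t count;
};

/* Model of copy_from_user(): both sides are ordinary memory here. */
static int fake_copy_from_user(void *dst, const void *user_src, size_t n)
{
    memcpy(dst, user_src, n);
    return 0;
}

/* Model of get_user() for a single 32-bit field. */
static int fake_get_user32(int32_t *dst, const int32_t *user_src)
{
    *dst = *user_src;
    return 0;
}

/* Runs inside the window between the two fetches. In reality this is another
 * thread of the calling process scribbling on the struct; a callback keeps
 * the example deterministic. */
typedef void (*race_hook)(struct elem_info32 *user);

/* Pre-patch shape: copy the whole struct, then fetch 'type' again from
 * userspace. Returns the 'type' the second fetch produced and reports the
 * value the first copy had through *copied_type. */
static int32_t handle_double_fetch(struct elem_info32 *user, race_hook racer,
                                   int32_t *copied_type)
{
    struct elem_info data;
    int32_t type;

    fake_copy_from_user(&data, user, sizeof(data));  /* first fetch */
    if (racer)
        racer(user);                                 /* attacker wins the window */
    fake_get_user32(&type, &user->type);             /* second fetch: may differ */

    *copied_type = data.type;
    return type;                                     /* value later code would act on */
}

/* Post-patch shape: one copy; every later use reads the kernel copy, so a
 * concurrent write to userspace memory cannot change what the kernel acts on. */
static int32_t handle_single_fetch(struct elem_info32 *user, race_hook racer,
                                   int32_t *copied_type)
{
    struct elem_info data;

    fake_copy_from_user(&data, user, sizeof(data));
    if (racer)
        racer(user);                                 /* too late to matter */

    *copied_type = data.type;
    return data.type;
}

/* Constructed attacker: flip 'type' to something the first copy did not see. */
static void flip_type(struct elem_info32 *user)
{
    user->type = 99;
}

/* Returns 1 if the value acted on differs from the value that was copied. */
static int double_fetch_inconsistent(void)
{
    struct elem_info32 user = { .type = 1, .count = 1 };
    int32_t copied;
    int32_t used = handle_double_fetch(&user, flip_type, &copied);
    return used != copied;
}

static int single_fetch_inconsistent(void)
{
    struct elem_info32 user = { .type = 1, .count = 1 };
    int32_t copied;
    int32_t used = handle_single_fetch(&user, flip_type, &copied);
    return used != copied;
}

int main(void)
{
    printf("double fetch inconsistent: %d\n", double_fetch_inconsistent());
    printf("single fetch inconsistent: %d\n", single_fetch_inconsistent());
    return 0;
}
```

The point to carry over to real code review: any value a kernel path validates or branches on must be read from user memory exactly once, and every later use must refer to that kernel-side copy. A second copy_from_user()/get_user() of the same field is not just redundant, it hands the caller a write into the window between check and use.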