Message ID | YAkassrrWUtsW6aZ@mwanda (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [1/2] ALSA: oxfw: fix info leak in hwdep_read() | expand |
Please ignore this one. Christophe JAILLET pointed out that the info leak isn't possible. I'll send a clean up patch instead. regards, dan carpenter
diff --git a/sound/firewire/oxfw/oxfw-hwdep.c b/sound/firewire/oxfw/oxfw-hwdep.c index 9e1b3e151bad..ca5477eeb663 100644 --- a/sound/firewire/oxfw/oxfw-hwdep.c +++ b/sound/firewire/oxfw/oxfw-hwdep.c @@ -35,12 +35,12 @@ static long hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count, } memset(&event, 0, sizeof(event)); + count = min_t(long, count, sizeof(event.lock_status)); if (oxfw->dev_lock_changed) { event.lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS; event.lock_status.status = (oxfw->dev_lock_count > 0); oxfw->dev_lock_changed = false; - count = min_t(long, count, sizeof(event.lock_status)); } spin_unlock_irq(&oxfw->lock);
If "count" is too large and "oxfw->dev_lock_changed" is false then this will copy beyond the end of the struct to user space. Fixes: 8985f4ac1c42 ("ALSA: oxfw: Add hwdep interface") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- sound/firewire/oxfw/oxfw-hwdep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)