oss-security February 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: [oss-security] kernel: ALSA: caiaq - Fix possible

[oss-security] kernel: ALSA: caiaq - Fix possible string-buffer overflow

From: Eugene Teo <eugene_at_nospam>
Date: Wed Feb 16 2011 - 08:43:28 GMT
To: oss-security@lists.openwall.com

Reported by rafa@mwrinfosecurity.com, "Use strlcpy() to assure not to
overflow the string array sizes by too long USB device name string."

http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=eaae55dac6b64c0616046436b294e69fc5311581

Just FYI, I'm not requesting a CVE name for this as it only affects
Native Instruments USB audio devices with very long device name which I
think is unlikely.

https://bugzilla.redhat.com/show_bug.cgi?id=677881

Thanks, Eugene