Replace unsafe uses of strcpy() to copy the name
argument into the sid.name buffer with scnprintf()
to guard against possible buffer overflows.
Even though we don't actually care about the return
value in this specific case, scnprintf() is still
preferred over snprintf() due to scnprintf() returning
the much more logical length of what was *actually* encoded
into the destination array instead of returning length
the resulting string *would* be, assuming it all fit
into the destination array as snprintf() does.
Maybe one day someone will use the return value, and
since the behavior is exactly the same apart from the
return value it would be better to account for that
possibility and program defensively.
Signed-off-by: Joey Pabalinas <[email protected]>
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/sound/pci/ice1712/juli.c b/sound/pci/ice1712/juli.c
index 0dbaccf61f33270608..0abacc64168f895d53 100644
--- a/sound/pci/ice1712/juli.c
+++ b/sound/pci/ice1712/juli.c
@@ -26,6 +26,7 @@
#include <linux/delay.h>
#include <linux/interrupt.h>
#include <linux/init.h>
+#include <linux/kernel.h>
#include <linux/slab.h>
#include <sound/core.h>
#include <sound/tlv.h>
@@ -425,10 +426,9 @@ DECLARE_TLV_DB_SCALE(juli_master_db_scale, -6350, 50, 1);
static struct snd_kcontrol *ctl_find(struct snd_card *card,
const char *name)
{
- struct snd_ctl_elem_id sid;
- memset(&sid, 0, sizeof(sid));
- /* FIXME: strcpy is bad. */
- strcpy(sid.name, name);
+ struct snd_ctl_elem_id sid = {0};
+
+ scnprintf(sid.name, sizeof(sid.name), "%s", name);
sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
return snd_ctl_find_id(card, &sid);
}
diff --git a/sound/pci/ice1712/quartet.c b/sound/pci/ice1712/quartet.c
index d145b5eb7ff86d978d..332f6226548c6a089a 100644
--- a/sound/pci/ice1712/quartet.c
+++ b/sound/pci/ice1712/quartet.c
@@ -25,6 +25,7 @@
#include <linux/delay.h>
#include <linux/interrupt.h>
#include <linux/init.h>
+#include <linux/kernel.h>
#include <linux/slab.h>
#include <sound/core.h>
#include <sound/tlv.h>
@@ -785,10 +786,9 @@ DECLARE_TLV_DB_SCALE(qtet_master_db_scale, -6350, 50, 1);
static struct snd_kcontrol *ctl_find(struct snd_card *card,
const char *name)
{
- struct snd_ctl_elem_id sid;
- memset(&sid, 0, sizeof(sid));
- /* FIXME: strcpy is bad. */
- strcpy(sid.name, name);
+ struct snd_ctl_elem_id sid = {0};
+
+ scnprintf(sid.name, sizeof(sid.name), "%s", name);
sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
return snd_ctl_find_id(card, &sid);
}
--
2.16.2
On Thu, Mar 1, 2018 at 1:45 PM, Joey Pabalinas <[email protected]> wrote:
> Replace unsafe uses of strcpy() to copy the name
> argument into the sid.name buffer with scnprintf()
> to guard against possible buffer overflows.
> - struct snd_ctl_elem_id sid;
> - memset(&sid, 0, sizeof(sid));
> - /* FIXME: strcpy is bad. */
> - strcpy(sid.name, name);
> + struct snd_ctl_elem_id sid = {0};
> +
> + scnprintf(sid.name, sizeof(sid.name), "%s", name);
So, why not just use strlcpy()?
scnprintf() here adds an overhead for no benefit.
> sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
> return snd_ctl_find_id(card, &sid);
> - struct snd_ctl_elem_id sid;
> - memset(&sid, 0, sizeof(sid));
> - /* FIXME: strcpy is bad. */
> - strcpy(sid.name, name);
> + struct snd_ctl_elem_id sid = {0};
> +
> + scnprintf(sid.name, sizeof(sid.name), "%s", name);
> sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
> return snd_ctl_find_id(card, &sid);
Ditto.
--
With Best Regards,
Andy Shevchenko
On Thu, Mar 01, 2018 at 03:55:09PM +0200, Andy Shevchenko wrote:
> So, why not just use strlcpy()?
> scnprintf() here adds an overhead for no benefit.
That's a good point, actually. Revising it now; patch
will follow shortly.
--
Joey Pabalinas
Replace unsafe usages of strcpy() to copy the name
argument into the sid.name buffer with strlcpy()
to guard against possible buffer overflows.
Signed-off-by: Joey Pabalinas <[email protected]>
Suggested-by: Andy Shevchenko <[email protected]>
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/sound/pci/ice1712/juli.c b/sound/pci/ice1712/juli.c
index 0dbaccf61f33270608..21806bab4757241a9e 100644
--- a/sound/pci/ice1712/juli.c
+++ b/sound/pci/ice1712/juli.c
@@ -27,6 +27,7 @@
#include <linux/interrupt.h>
#include <linux/init.h>
#include <linux/slab.h>
+#include <linux/string.h>
#include <sound/core.h>
#include <sound/tlv.h>
@@ -425,10 +426,9 @@ DECLARE_TLV_DB_SCALE(juli_master_db_scale, -6350, 50, 1);
static struct snd_kcontrol *ctl_find(struct snd_card *card,
const char *name)
{
- struct snd_ctl_elem_id sid;
- memset(&sid, 0, sizeof(sid));
- /* FIXME: strcpy is bad. */
- strcpy(sid.name, name);
+ struct snd_ctl_elem_id sid = {0};
+
+ strlcpy(sid.name, name, sizeof(sid.name));
sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
return snd_ctl_find_id(card, &sid);
}
diff --git a/sound/pci/ice1712/quartet.c b/sound/pci/ice1712/quartet.c
index d145b5eb7ff86d978d..5bc836241c977feb51 100644
--- a/sound/pci/ice1712/quartet.c
+++ b/sound/pci/ice1712/quartet.c
@@ -26,6 +26,7 @@
#include <linux/interrupt.h>
#include <linux/init.h>
#include <linux/slab.h>
+#include <linux/string.h>
#include <sound/core.h>
#include <sound/tlv.h>
#include <sound/info.h>
@@ -785,10 +786,9 @@ DECLARE_TLV_DB_SCALE(qtet_master_db_scale, -6350, 50, 1);
static struct snd_kcontrol *ctl_find(struct snd_card *card,
const char *name)
{
- struct snd_ctl_elem_id sid;
- memset(&sid, 0, sizeof(sid));
- /* FIXME: strcpy is bad. */
- strcpy(sid.name, name);
+ struct snd_ctl_elem_id sid = {0};
+
+ strlcpy(sid.name, name, sizeof(sid.name));
sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
return snd_ctl_find_id(card, &sid);
}
--
2.16.2
On Thu, Mar 1, 2018 at 4:17 PM, Joey Pabalinas <[email protected]> wrote:
> Replace unsafe usages of strcpy() to copy the name
> argument into the sid.name buffer with strlcpy()
> to guard against possible buffer overflows.
>
> Signed-off-by: Joey Pabalinas <[email protected]>
> Suggested-by: Andy Shevchenko <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
> 2 files changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/sound/pci/ice1712/juli.c b/sound/pci/ice1712/juli.c
> index 0dbaccf61f33270608..21806bab4757241a9e 100644
> --- a/sound/pci/ice1712/juli.c
> +++ b/sound/pci/ice1712/juli.c
> @@ -27,6 +27,7 @@
> #include <linux/interrupt.h>
> #include <linux/init.h>
> #include <linux/slab.h>
> +#include <linux/string.h>
> #include <sound/core.h>
> #include <sound/tlv.h>
>
> @@ -425,10 +426,9 @@ DECLARE_TLV_DB_SCALE(juli_master_db_scale, -6350, 50, 1);
> static struct snd_kcontrol *ctl_find(struct snd_card *card,
> const char *name)
> {
> - struct snd_ctl_elem_id sid;
> - memset(&sid, 0, sizeof(sid));
> - /* FIXME: strcpy is bad. */
> - strcpy(sid.name, name);
> + struct snd_ctl_elem_id sid = {0};
> +
> + strlcpy(sid.name, name, sizeof(sid.name));
> sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
> return snd_ctl_find_id(card, &sid);
> }
> diff --git a/sound/pci/ice1712/quartet.c b/sound/pci/ice1712/quartet.c
> index d145b5eb7ff86d978d..5bc836241c977feb51 100644
> --- a/sound/pci/ice1712/quartet.c
> +++ b/sound/pci/ice1712/quartet.c
> @@ -26,6 +26,7 @@
> #include <linux/interrupt.h>
> #include <linux/init.h>
> #include <linux/slab.h>
> +#include <linux/string.h>
> #include <sound/core.h>
> #include <sound/tlv.h>
> #include <sound/info.h>
> @@ -785,10 +786,9 @@ DECLARE_TLV_DB_SCALE(qtet_master_db_scale, -6350, 50, 1);
> static struct snd_kcontrol *ctl_find(struct snd_card *card,
> const char *name)
> {
> - struct snd_ctl_elem_id sid;
> - memset(&sid, 0, sizeof(sid));
> - /* FIXME: strcpy is bad. */
> - strcpy(sid.name, name);
> + struct snd_ctl_elem_id sid = {0};
> +
> + strlcpy(sid.name, name, sizeof(sid.name));
> sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
> return snd_ctl_find_id(card, &sid);
> }
> --
> 2.16.2
--
With Best Regards,
Andy Shevchenko
On Thu, 01 Mar 2018 15:17:07 +0100,
Joey Pabalinas wrote:
>
> Replace unsafe usages of strcpy() to copy the name
> argument into the sid.name buffer with strlcpy()
> to guard against possible buffer overflows.
>
> Signed-off-by: Joey Pabalinas <[email protected]>
> Suggested-by: Andy Shevchenko <[email protected]>
>
> 2 files changed, 8 insertions(+), 8 deletions(-)
Thanks, applied now.
Takashi
On Thu, Mar 01, 2018 at 04:13:48PM +0100, Takashi Iwai wrote:
> Thanks, applied now.
Cheers
--
Joey Pabalinas