From: lizf@kernel.org
To: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Takashi Iwai <tiwai@suse.de>,
        Zefan Li <lizefan@huawei.com>
Subject: [PATCH 3.4 091/172] ALSA: control: Add sanity checks for user ctl id name string
Date: Tue, 16 Jun 2015 16:35:45 +0800
Message-Id: <1434443826-4929-91-git-send-email-lizf@kernel.org>
In-Reply-To: <1434443587-4599-1-git-send-email-lizf@kernel.org>
References: <1434443587-4599-1-git-send-email-lizf@kernel.org>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1369
Lines: 42

From: Takashi Iwai <tiwai@suse.de>

3.4.108-rc1 review patch.  If anyone has any objections, please let me know.

------------------


commit be3bb8236db2d0fcd705062ae2e2a9d75131222f upstream.

There was no check about the id string of user control elements, so we
accepted even a control element with an empty string, which is
obviously bogus.  This patch adds more sanity checks of id strings.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Zefan Li <lizefan@huawei.com>
---
 sound/core/control.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sound/core/control.c b/sound/core/control.c
index e773d5e..8fb4d24 100644
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -1164,6 +1164,10 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file,
 
 	if (info->count < 1)
 		return -EINVAL;
+	if (!*info->id.name)
+		return -EINVAL;
+	if (strnlen(info->id.name, sizeof(info->id.name)) >= sizeof(info->id.name))
+		return -EINVAL;
 	access = info->access == 0 ? SNDRV_CTL_ELEM_ACCESS_READWRITE :
 		(info->access & (SNDRV_CTL_ELEM_ACCESS_READWRITE|
 				 SNDRV_CTL_ELEM_ACCESS_INACTIVE|
-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/