Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/dev CID-1427745: kill possible buffer overflows.



details:   https://anonhg.NetBSD.org/src/rev/2636611cfcad
branches:  trunk
changeset: 358896:2636611cfcad
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Jan 21 17:34:33 2018 +0000

description:
CID-1427745: kill possible buffer overflows.

diffstat:

 sys/dev/audio.c |  26 +++++++++++++++-----------
 1 files changed, 15 insertions(+), 11 deletions(-)

diffs (71 lines):

diff -r 5df467850473 -r 2636611cfcad sys/dev/audio.c
--- a/sys/dev/audio.c   Sun Jan 21 17:22:55 2018 +0000
+++ b/sys/dev/audio.c   Sun Jan 21 17:34:33 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: audio.c,v 1.450 2018/01/12 04:10:10 nat Exp $  */
+/*     $NetBSD: audio.c,v 1.451 2018/01/21 17:34:33 christos Exp $     */
 
 /*-
  * Copyright (c) 2016 Nathanial Sloss <nathanialsloss%yahoo.com.au@localhost>
@@ -148,7 +148,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.450 2018/01/12 04:10:10 nat Exp $");
+__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.451 2018/01/21 17:34:33 christos Exp $");
 
 #ifdef _KERNEL_OPT
 #include "audio.h"
@@ -5775,11 +5775,15 @@
 
 }
 
+static void
+unitscopy(mixer_devinfo_t *di, const char *name)
+{
+       strlcpy(di->un.v.units.name, name, sizeof(di->un.v.units.name));
+}
+
 static int
 audio_query_devinfo(struct audio_softc *sc, mixer_devinfo_t *di)
 {
-       char mixLabel[255];
-
        KASSERT(mutex_owned(sc->sc_lock));
 
        if (sc->sc_static_nmixer_states == 0 || sc->sc_nmixer_states == 0)
@@ -5790,27 +5794,27 @@
                if (di->index == sc->sc_static_nmixer_states - 1) {
                        di->mixer_class = sc->sc_static_nmixer_states -1;
                        di->next = di->prev = AUDIO_MIXER_LAST;
-                       strcpy(di->label.name, AudioCvirtchan);
+                       strlcpy(di->label.name, AudioCvirtchan,
+                           sizeof(di->label.name));
                        di->type = AUDIO_MIXER_CLASS;
                } else if ((di->index - sc->sc_static_nmixer_states) % 2 == 0) {
                        di->mixer_class = sc->sc_static_nmixer_states -1;
-                       snprintf(mixLabel, sizeof(mixLabel), AudioNdac"%d",
+                       snprintf(di->label.name, sizeof(di->label.name),
+                           AudioNdac"%d",
                            (di->index - sc->sc_static_nmixer_states) / 2);
-                       strcpy(di->label.name, mixLabel);
                        di->type = AUDIO_MIXER_VALUE;
                        di->next = di->prev = AUDIO_MIXER_LAST;
                        di->un.v.num_channels = 1;
-                       strcpy(di->un.v.units.name, AudioNvolume);
+                       unitscopy(di, AudioNvolume);
                } else {
                        di->mixer_class = sc->sc_static_nmixer_states -1;
-                       snprintf(mixLabel, sizeof(mixLabel),
+                       snprintf(di->label.name, sizeof(di->label.name),
                            AudioNmicrophone "%d",
                            (di->index - sc->sc_static_nmixer_states) / 2);
-                       strcpy(di->label.name, mixLabel);
                        di->type = AUDIO_MIXER_VALUE;
                        di->next = di->prev = AUDIO_MIXER_LAST;
                        di->un.v.num_channels = 1;
-                       strcpy(di->un.v.units.name, AudioNvolume);
+                       unitscopy(di, AudioNvolume);
                }
 
                return 0;



Home | Main Index | Thread Index | Old Index