ALSA: bebob: potential info leak in hwdep_read()
authorDan Carpenter <dan.carpenter@oracle.com>
Wed, 7 Oct 2020 07:49:28 +0000 (10:49 +0300)
committerTakashi Iwai <tiwai@suse.de>
Wed, 7 Oct 2020 15:33:52 +0000 (17:33 +0200)
The "count" variable needs to be capped on every path so that we don't
copy too much information to the user.

Fixes: 618eabeae711 ("ALSA: bebob: Add hwdep interface")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201007074928.GA2529578@mwanda
Signed-off-by: Takashi Iwai <tiwai@suse.de>
sound/firewire/bebob/bebob_hwdep.c

index 45b740f44c459ba881474a23320b0a9701712bdb..c362eb38ab906ce6a71bcdbc5f2485ccd8a5b19d 100644 (file)
@@ -36,12 +36,11 @@ hwdep_read(struct snd_hwdep *hwdep, char __user *buf,  long count,
        }
 
        memset(&event, 0, sizeof(event));
+       count = min_t(long, count, sizeof(event.lock_status));
        if (bebob->dev_lock_changed) {
                event.lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS;
                event.lock_status.status = (bebob->dev_lock_count > 0);
                bebob->dev_lock_changed = false;
-
-               count = min_t(long, count, sizeof(event.lock_status));
        }
 
        spin_unlock_irq(&bebob->lock);