mirrors/alsa-lib
1
0
Fork 0
mirror of https://github.com/alsa-project/alsa-lib.git synced 2025-10-29 05:40:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

aserver: fix buffer overwriting

Browse source 
name array should allocate space for the null terminator. Also, need to
check if client->name has enough space for strcpy.

Closes: https://github.com/alsa-project/alsa-lib/pull/364
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
This commit is contained in:
Mingjie Shen 2023-11-15 16:40:07 -05:00 committed by Jaroslav Kysela
parent cd04da2bcf
commit 0e0a92bde2
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
aserver/aserver.c
View file

@ -738,7 +738,7 @@ static int snd_client_open(client_t *client)
ans.result = -EINVAL; ans.result = -EINVAL;
goto _answer; goto _answer;
} }
name = alloca(req.namelen); name = alloca(req.namelen + 1);
err = read(client->ctrl_fd, name, req.namelen); err = read(client->ctrl_fd, name, req.namelen);
if (err < 0) { if (err < 0) {
SYSERROR("read failed"); SYSERROR("read failed");
@ -775,6 +775,10 @@ static int snd_client_open(client_t *client)
name[req.namelen] = '\0'; name[req.namelen] = '\0';
client->transport_type = req.transport_type; client->transport_type = req.transport_type;
if (sizeof(client->name) < (size_t)(req.namelen + 1)) {
ans.result = -ENOMEM;
goto _answer;
}
strcpy(client->name, name); strcpy(client->name, name);
client->stream = req.stream; client->stream = req.stream;
client->mode = req.mode; client->mode = req.mode;