[alsa-lib] ucm: Use strncmp to avoid access-out-of-boundary

Message ID	20191129193530.51415-1-paulhsia@chromium.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=Vfj9=ZV=alsa-project.org=alsa-devel-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1145221736 From: Chih-Yang Hsia <paulhsia@chromium.org> To: Mark Brown <broonie@kernel.org>, Takashi Iwai <tiwai@suse.com> Date: Sat, 30 Nov 2019 03:35:30 +0800 Message-Id: <20191129193530.51415-1-paulhsia@chromium.org> MIME-Version: 1.0 Cc: alsa-devel@alsa-project.org, paulhsia <paulhsia@chromium.org> Subject: [alsa-devel] [PATCH alsa-lib] ucm: Use strncmp to avoid access-out-of-boundary Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: alsa-devel-bounces@alsa-project.org Sender: "Alsa-devel" <alsa-devel-bounces@alsa-project.org>
Series	[alsa-lib] ucm: Use strncmp to avoid access-out-of-boundary \| expand [alsa-lib] ucm: Use strncmp to avoid access-out-of-boundary

Message ID

20191129193530.51415-1-paulhsia@chromium.org (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1145221736
From: Chih-Yang Hsia <paulhsia@chromium.org>
To: Mark Brown <broonie@kernel.org>,
	Takashi Iwai <tiwai@suse.com>
Date: Sat, 30 Nov 2019 03:35:30 +0800
Message-Id: <20191129193530.51415-1-paulhsia@chromium.org>
MIME-Version: 1.0
Cc: alsa-devel@alsa-project.org, paulhsia <paulhsia@chromium.org>
Subject: [alsa-devel] [PATCH alsa-lib] ucm: Use strncmp to avoid
	access-out-of-boundary
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: alsa-devel-bounces@alsa-project.org
Sender: "Alsa-devel" <alsa-devel-bounces@alsa-project.org>

Series

[alsa-lib] ucm: Use strncmp to avoid access-out-of-boundary | expand

Commit Message

Chih-Yang Hsia Nov. 29, 2019, 7:35 p.m. UTC

From: paulhsia <paulhsia@chromium.org>

If the length of the identifier is less than the length of the prefix,
access-out-of-boundary will occur in memcmp().

Signed-off-by: paulhsia <paulhsia@chromium.org>
---
 src/ucm/main.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

Comments

Jaroslav Kysela Nov. 29, 2019, 7:50 p.m. UTC | #1

Dne 29. 11. 19 v 20:35 Chih-Yang Hsia napsal(a):
> From: paulhsia <paulhsia@chromium.org>
> 
> If the length of the identifier is less than the length of the prefix,
> access-out-of-boundary will occur in memcmp().

Applied. Thank you for your contribution.

					Jaroslav

diff --git a/src/ucm/main.c b/src/ucm/main.c
index b0b6ffb3..252e50d9 100644
--- a/src/ucm/main.c
+++ b/src/ucm/main.c
@@ -61,11 +61,13 @@  static int check_identifier(const char *identifier, const char *prefix)
 {
 	int len;
 
-	if (strcmp(identifier, prefix) == 0)
-		return 1;
 	len = strlen(prefix);
-	if (memcmp(identifier, prefix, len) == 0 && identifier[len] == '/')
+	if (strncmp(identifier, prefix, len) != 0)
+		return 0;
+
+	if (identifier[len] == 0 || identifier[len] == '/')
 		return 1;
+
 	return 0;
 }

[alsa-lib] ucm: Use strncmp to avoid access-out-of-boundary

Commit Message

Comments

Patch