From patchwork Wed Oct  7 15:56:58 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: iceberg <strakh@ispras.ru>
X-Patchwork-Id: 52256
Received: from vger.kernel.org (vger.kernel.org [209.132.176.167])
	by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n97C1bmR001755
	for <patchwork-media@patchwork.kernel.org>;
	Wed, 7 Oct 2009 12:01:38 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932757AbZJGLzF (ORCPT
	<rfc822;patchwork-media@patchwork.kernel.org>);
	Wed, 7 Oct 2009 07:55:05 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S932747AbZJGLzD
	(ORCPT <rfc822;linux-media-outgoing>);
	Wed, 7 Oct 2009 07:55:03 -0400
Received: from smtp.ispras.ru ([83.149.198.201]:42391 "EHLO smtp.ispras.ru"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753998AbZJGLy7 (ORCPT <rfc822;linux-media@vger.kernel.org>);
	Wed, 7 Oct 2009 07:54:59 -0400
Received: from ispserv.ispras.ru (ispserv.ispras.ru [83.149.198.72])
	by smtp.ispras.ru (Postfix) with ESMTP id 9451C5D41B1;
	Wed,  7 Oct 2009 15:19:05 +0400 (MSD)
Received: from pamir.localnet (pamir.kazbek.ispras.ru [83.149.199.144])
	by ispserv.ispras.ru (Postfix) with ESMTP id BE6A33FC48;
	Wed,  7 Oct 2009 15:54:22 +0400 (MSD)
From: Alexander Strakh <strakh@ispras.ru>
Organization: ISP RAS
To: Simon Evans <spse@secret.org.uk>,
	Mauro Carvalho Chehab <mchehab@infradead.org>,
	linux-media@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] konicawc.c: possible buffer overflow while use strncat.
Date: Wed, 7 Oct 2009 15:56:58 +0000
User-Agent: KMail/1.10.3 (Linux/2.6.27.29-0.1-default; KDE/4.1.3; x86_64; ; )
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200910071556.59139.strakh@ispras.ru>
Sender: linux-media-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-media.vger.kernel.org>
X-Mailing-List: linux-media@vger.kernel.org


diff --git a/./a/drivers/media/video/usbvideo/konicawc.c 
b/./b/drivers/media/video/usbvideo/konicawc.c
index 31d57f2..a0addcb 100644
--- a/./a/drivers/media/video/usbvideo/konicawc.c
+++ b/./b/drivers/media/video/usbvideo/konicawc.c
@@ -225,7 +225,7 @@ static void konicawc_register_input(struct konicawc *cam, 
struct usb_device *dev
 	int error;
 
 	usb_make_path(dev, cam->input_physname, sizeof(cam->input_physname));
-	strncat(cam->input_physname, "/input0", sizeof(cam->input_physname));
+	strlcat(cam->input_physname, "/input0", sizeof(cam->input_physname));
 
 	cam->input = input_dev = input_allocate_device();