Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow

[Eugene Teo <eugene () redhat com>]

On 02/16/2011 09:48 PM, Josh Bressers wrote:
> ----- Original Message -----
> > Reported by rafa () mwrinfosecurity com, "Use strlcpy() to assure not to
> > overflow the string array sizes by too long USB device name string."
> >
> > http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=eaae55dac6b64c0616046436b294e69fc5311581
> >
> > Just FYI, I'm not requesting a CVE name for this as it only affects
> > Native Instruments USB audio devices with very long device name which I
> > think is unlikely.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=677881
>
> I'm assigning this CVE-2011-0712.
>
> With the recent research about having a smartphone impersonate various USB
> devices, I think this attack is now more plausible than in previous years.

Actually this is hardware-specific, and the strcpys are in the 
initialisation part of the code.

Eugene