--- /dev/null
+From b41c15f4e1c1f1657da15c482fa837c1b7384452 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 7 Oct 2020 10:49:28 +0300
+Subject: ALSA: bebob: potential info leak in hwdep_read()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit b41c15f4e1c1f1657da15c482fa837c1b7384452 upstream.
+
+The "count" variable needs to be capped on every path so that we don't
+copy too much information to the user.
+
+Fixes: 618eabeae711 ("ALSA: bebob: Add hwdep interface")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20201007074928.GA2529578@mwanda
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/bebob/bebob_hwdep.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/sound/firewire/bebob/bebob_hwdep.c
++++ b/sound/firewire/bebob/bebob_hwdep.c
+@@ -37,12 +37,11 @@ hwdep_read(struct snd_hwdep *hwdep, char
+ }
+
+ memset(&event, 0, sizeof(event));
++ count = min_t(long, count, sizeof(event.lock_status));
+ if (bebob->dev_lock_changed) {
+ event.lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS;
+ event.lock_status.status = (bebob->dev_lock_count > 0);
+ bebob->dev_lock_changed = false;
+-
+- count = min_t(long, count, sizeof(event.lock_status));
+ }
+
+ spin_unlock_irq(&bebob->lock);
projects / thirdparty / kernel / stable-queue.git / commitdiff
