summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2018-04-03 18:45:19 +0300
committerTakashi Iwai <tiwai@suse.de>2018-04-07 14:07:17 +0300
commitb580fbfff13b01fa79a0760cbb6386f33bc9e10b (patch)
tree6990175a3594dab8dad9c0b2e180e927d79b272f
parentf5d76e9c40fd8791202d31c66a63f6f7ebbb8dcb (diff)
downloadlinux-b580fbfff13b01fa79a0760cbb6386f33bc9e10b.tar.xz
ALSA: usb-audio: Add sanity checks in UAC3 clock parsers
The UAC3 clock parser codes lack of the sanity checks for malformed descriptors like UAC2 parser does. Without it, the driver may lead to a potential crash. Fixes: 9a2fe9b801f5 ("ALSA: usb: initial USB Audio Device Class 3.0 support") Tested-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Reviewed-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-rw-r--r--sound/usb/clock.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/sound/usb/clock.c b/sound/usb/clock.c
index 30cfd5b1bdfb..0b030d8fe3fa 100644
--- a/sound/usb/clock.c
+++ b/sound/usb/clock.c
@@ -58,7 +58,7 @@ static bool validate_clock_source_v2(void *p, int id)
static bool validate_clock_source_v3(void *p, int id)
{
struct uac3_clock_source_descriptor *cs = p;
- return cs->bClockID == id;
+ return cs->bLength == sizeof(*cs) && cs->bClockID == id;
}
static bool validate_clock_selector_v2(void *p, int id)
@@ -71,7 +71,8 @@ static bool validate_clock_selector_v2(void *p, int id)
static bool validate_clock_selector_v3(void *p, int id)
{
struct uac3_clock_selector_descriptor *cs = p;
- return cs->bClockID == id;
+ return cs->bLength >= sizeof(*cs) && cs->bClockID == id &&
+ cs->bLength == 11 + cs->bNrInPins;
}
static bool validate_clock_multiplier_v2(void *p, int id)
@@ -83,7 +84,7 @@ static bool validate_clock_multiplier_v2(void *p, int id)
static bool validate_clock_multiplier_v3(void *p, int id)
{
struct uac3_clock_multiplier_descriptor *cs = p;
- return cs->bClockID == id;
+ return cs->bLength == sizeof(*cs) && cs->bClockID == id;
}
#define DEFINE_FIND_HELPER(name, obj, validator, type) \