asgardius/alsa-utils
1
0
Fork 0
mirror of https://github.com/alsa-project/alsa-utils synced 2024-12-22 08:06:30 +01:00
Code Issues Projects Releases Packages Wiki Activity
alsa-utils/aplay
History
Mingjie Shen 4ce6a0a4af aplay: fix buffer overflow and tainted format string 
Prior this commit, memcpy from names[0] to format[] will overwrite if
strlen(names[0]) is greater than 1024. Also, the length of malloc()ed
names[channel] is insufficient, leading to another buffer overwriting
when calling sprintf(). Moreover, the format string of sprintf()
can be controlled by user input. An attacker can exploit this weakness
to crash the program, disclose information or even execute arbitrary
code.

Fix by allocating enough space for arrays and using constant expressions
as the format strings.

Fixes: https://github.com/alsa-project/alsa-utils/pull/246/
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2023-12-08 20:00:13 +01:00
..
aplay.1 minor aplay man page correction 2020-10-06 13:19:00 +02:00
aplay.c aplay: fix buffer overflow and tainted format string 2023-12-08 20:00:13 +01:00
formats.h aplay: use stdint.h types instead u_int/u_short/u_char 2023-10-17 13:45:42 +02:00
Makefile.am Makefiles - use AM_CPPFLAGS instead INCLUDES 2014-05-07 10:55:59 +02:00