unimore/kernel-hacking-2024-linux-steffo
unimore/kernel-hacking-2024-linux-steffo
1
Fork 0
Code Pull requests 5 Wiki Activity
kernel-hacking-2024-linux-s.../sound
History
Takashi Iwai 27f7ad5382 ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open() 
The error handling in snd_seq_oss_open() has several bad codes that
do dereferecing released pointers and double-free of kmalloc'ed data.
The object dp is release in free_devinfo() that is called via
private_free callback.  The rest shouldn't touch this object any more.

The patch changes delete_port() to call kfree() in any case, and gets
rid of unnecessary calls of destructors in snd_seq_oss_open().

Fixes CVE-2010-3080.

Reported-and-tested-by: Tavis Ormandy <taviso@cmpxchg8b.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-08 10:45:34 +02:00
..
aoa of/device: Replace struct of_device with struct platform_device 2010-08-06 09:25:50 -06:00
arm
atmel
core ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open() 2010-09-08 10:45:34 +02:00
drivers Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6 2010-08-07 17:07:31 -07:00
i2c
isa ALSA: msnd-classic: Fix invalid cfg parameter 2010-09-08 09:58:12 +02:00
mips
oss sound: oss: fix uninitialized spinlock 2010-08-28 11:57:54 +02:00
parisc
pci ALSA: virtuoso: fix setting of Xonar DS line-in/mic-in controls 2010-09-08 08:26:15 +02:00
pcmcia pcmcia: do not use io_req_t when calling pcmcia_request_io() 2010-08-03 09:04:11 +02:00
ppc
sh
soc ASoC: soc-core: fix debugfs_pop_time file permissions 2010-08-27 19:58:40 +01:00
sparc of/device: Replace struct of_device with struct platform_device 2010-08-06 09:25:50 -06:00
spi
synth
usb ALSA: usb - Release capture substream URBs properly 2010-09-08 08:27:02 +02:00
ac97_bus.c
Kconfig
last.c
Makefile
sound_core.c sound: push BKL into open functions 2010-07-12 17:41:05 +02:00
sound_firmware.c