redonkable/remarkable-linux
redonkable/remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/sound/core
History
Takashi Iwai 27f7ad5382 ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open() 
The error handling in snd_seq_oss_open() has several bad codes that
do dereferecing released pointers and double-free of kmalloc'ed data.
The object dp is release in free_devinfo() that is called via
private_free callback.  The rest shouldn't touch this object any more.

The patch changes delete_port() to call kfree() in any case, and gets
rid of unnecessary calls of destructors in snd_seq_oss_open().

Fixes CVE-2010-3080.

Reported-and-tested-by: Tavis Ormandy <taviso@cmpxchg8b.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-08 10:45:34 +02:00
..
oss ALSA: core - Define llseek fops 2010-04-13 12:01:21 +02:00
seq ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open() 2010-09-08 10:45:34 +02:00
control.c ALSA: core - Define llseek fops 2010-04-13 12:01:21 +02:00
control_compat.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
device.c
hrtimer.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
hwdep.c
hwdep_compat.c
info.c ALSA: info - Implement common llseek for binary mode 2010-04-13 12:01:20 +02:00
info_oss.c
init.c ALSA: Remove struct snd_monitor_file from public sound/core.h 2009-09-07 15:50:18 +02:00
isadma.c ALSA: snd_dma_pointer workaround for chipsets with buggy DMA 2009-10-11 18:03:13 +02:00
jack.c Merge branch 'topic/jack' into for-linus 2010-05-20 11:59:37 +02:00
Kconfig ALSA: sound/core/pcm_timer.c: use lib/gcd.c 2009-12-22 08:24:35 +01:00
Makefile
memalloc.c
memory.c
misc.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
pcm.c ALSA: pcm: add more format names 2010-08-28 11:59:33 +02:00
pcm_compat.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
pcm_lib.c ALSA: pcm core - add a safe check to the silence filling function 2010-07-19 16:47:01 +02:00
pcm_memory.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
pcm_misc.c ALSA: pcm: Define G723 3-bit and 5-bit formats 2010-05-31 09:10:03 +02:00
pcm_native.c ALSA: emu10k1 - delay the PCM interrupts (add pcm_irq_delay parameter) 2010-08-18 15:10:59 +02:00
pcm_timer.c ALSA: sound/core/pcm_timer.c: use lib/gcd.c 2009-12-22 08:24:35 +01:00
rawmidi.c ALSA: core - Define llseek fops 2010-04-13 12:01:21 +02:00
rawmidi_compat.c
rtctimer.c
sgbuf.c
sound.c ALSA: Remove BKL from open multiplexer 2010-04-09 10:28:36 +02:00
sound_oss.c ALSA: Remove warning message for invalid OSS minor ranges 2010-01-18 14:18:55 +01:00
timer.c Merge branch 'topic/core-cleanup' into for-linus 2010-05-20 11:58:57 +02:00
timer_compat.c
vmaster.c