mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-25 21:54:06 +08:00
27f7ad5382
The error handling in snd_seq_oss_open() has several bad codes that do dereferecing released pointers and double-free of kmalloc'ed data. The object dp is release in free_devinfo() that is called via private_free callback. The rest shouldn't touch this object any more. The patch changes delete_port() to call kfree() in any case, and gets rid of unnecessary calls of destructors in snd_seq_oss_open(). Fixes CVE-2010-3080. Reported-and-tested-by: Tavis Ormandy <taviso@cmpxchg8b.com> Cc: <stable@kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> |
||
---|---|---|
.. | ||
Makefile | ||
seq_oss_device.h | ||
seq_oss_event.c | ||
seq_oss_event.h | ||
seq_oss_init.c | ||
seq_oss_ioctl.c | ||
seq_oss_midi.c | ||
seq_oss_midi.h | ||
seq_oss_readq.c | ||
seq_oss_readq.h | ||
seq_oss_rw.c | ||
seq_oss_synth.c | ||
seq_oss_synth.h | ||
seq_oss_timer.c | ||
seq_oss_timer.h | ||
seq_oss_writeq.c | ||
seq_oss_writeq.h | ||
seq_oss.c |