| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Apr 2016 15:23:00 +0200
From: Jiri Slaby <jslaby@...e.cz>
To: stable@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, Takashi Iwai <tiwai@...e.de>,
Jiri Slaby <jslaby@...e.cz>
Subject: [PATCH 3.12 58/98] ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
From: Takashi Iwai <tiwai@...e.de>
3.12-stable review patch. If anyone has any objections, please let me know.
===============
commit 0f886ca12765d20124bd06291c82951fd49a33be upstream.
create_fixed_stream_quirk() may cause a NULL-pointer dereference by
accessing the non-existing endpoint when a USB device with a malformed
USB descriptor is used.
This patch avoids it simply by adding a sanity check of bNumEndpoints
before the accesses.
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=971125
Signed-off-by: Takashi Iwai <tiwai@...e.de>
Signed-off-by: Jiri Slaby <jslaby@...e.cz>
---
sound/usb/quirks.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index 81d7e6a9725e..88fd1c561a15 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -168,6 +168,12 @@ static int create_fixed_stream_quirk(struct snd_usb_audio *chip,
}
alts = &iface->altsetting[fp->altset_idx];
altsd = get_iface_desc(alts);
+ if (altsd->bNumEndpoints < 1) {
+ kfree(fp);
+ kfree(rate_table);
+ return -EINVAL;
+ }
+
fp->protocol = altsd->bInterfaceProtocol;
if (fp->datainterval == 0)
--
2.8.1
Powered by blists - more mailing lists