lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 12 Mar 2009 19:03:53 -0400
From:	Andy Walls <awalls@...ix.net>
To:	Michael Krufky <mkrufky@...uxtv.org>
Cc:	stable@...nel.org, LKML <linux-kernel@...r.kernel.org>,
	Jarod Wilson <jarod@...sonet.com>,
	LMML <linux-media@...r.kernel.org>
Subject: Re: Fwd: [stable] [PATCH] 2.6.27.y: fix NULL ptr deref in cx23885 
 video_open

On Thu, 2009-03-12 at 16:24 -0400, Michael Krufky wrote:
> Can we have this merged into -stable?  Jarod Wilson sent this last
> month, but he left off the cc to stable@...nel.org
> 
> Signed-off-by: Michael Krufky <mkrufky@...uxtv.org>

Mike,

A version of this is already in the v4l-dvb hg development repository:

hg log -vp --limit 1 linux/drivers/media/video/cx23885/cx23885-417.c
hg log -vp --limit 2 linux/drivers/media/video/cx23885/cx23885-video.c 

I helped Mark work through the solution: I coded some of it, he coded
some of it and he also tested it.

Regards,
Andy


> 
> ---------- Forwarded message ----------
> From: Jarod Wilson <jarod@...hat.com>
> Date: Tue, Feb 24, 2009 at 6:00 PM
> Subject: [stable] [PATCH] 2.6.27.y: fix NULL ptr deref in cx23885 video_open
> To: linux-kernel@...r.kernel.org
> Cc: Mike Krufky <mkrufky@...uxtv.org>
> 
> 
> From: Mark Jenks
> https://www.redhat.com/mailman/private/video4linux-list/2009-January/msg00041.html
> 
> The Hauppauge WinTV HVR-1800 tv tuner card has both digital and analog
> abilities, both of which are supported by v4l/dvb under 2.6.27.y. The analog
> side also features a hardware mpeg2 encoder. The HVR-1250 tv tuner card
> has both digital and analog abilities, but analog isn't currently supported
> under any kernel. These cards both utilize the cx23885 driver, but with
> slightly different usage. When the code paths for each card is executed,
> they wind up poking a cx23885_devlist, which contains devices from both
> of the cards, and access attempts are made to portions of 'struct
> cx23885_dev' that aren't valid for that device. Simply add some extra
> checks before trying to access these structs.
> 
> More gory details:
>  http://article.gmane.org/gmane.linux.drivers.dvb/46630
> 
> This was triggering on my own system at home w/both cards in it, and
> no longer happens with this patch included.
> 
> Signed-off-by: Jarod Wilson <jarod@...hat.com>
> Reviewed-by: Michael Krufky <mkrufky@...uxtv.org>
> 
> ---
> 
>  drivers/media/video/cx23885/cx23885-417.c   |    2 +-
>  drivers/media/video/cx23885/cx23885-video.c |    2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/media/video/cx23885/cx23885-417.c
> b/drivers/media/video/cx23885/cx23885-417.c
> index 7b0e8c0..19154b6 100644
> --- a/drivers/media/video/cx23885/cx23885-417.c
> +++ b/drivers/media/video/cx23885/cx23885-417.c
> @@ -1585,7 +1585,7 @@ static int mpeg_open(struct inode *inode, struct
> file *file)
> 
>        list_for_each(list, &cx23885_devlist) {
>                h = list_entry(list, struct cx23885_dev, devlist);
> -               if (h->v4l_device->minor == minor) {
> +               if (h->v4l_device && h->v4l_device->minor == minor) {
>                        dev = h;
>                        break;
>                }
> diff --git a/drivers/media/video/cx23885/cx23885-video.c
> b/drivers/media/video/cx23885/cx23885-video.c
> index 6047c78..a2b5a0c 100644
> --- a/drivers/media/video/cx23885/cx23885-video.c
> +++ b/drivers/media/video/cx23885/cx23885-video.c
> @@ -733,7 +733,7 @@ static int video_open(struct inode *inode, struct
> file *file)
> 
>        list_for_each(list, &cx23885_devlist) {
>                h = list_entry(list, struct cx23885_dev, devlist);
> -               if (h->video_dev->minor == minor) {
> +               if (h->video_dev && h->video_dev->minor == minor) {
>                        dev  = h;
>                        type = V4L2_BUF_TYPE_VIDEO_CAPTURE;
>                }
> 
> 
> --
> Jarod Wilson
> jarod@...hat.com
> --
> To unsubscribe from this list: send the line "unsubscribe linux-media" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ