lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <s5hfwnddlrv.wl%tiwai@suse.de>
Date:	Tue, 14 Jun 2011 07:28:36 +0200
From:	Takashi Iwai <tiwai@...e.de>
To:	Jesper Juhl <jj@...osbits.net>
Cc:	linux-kernel@...r.kernel.org, alsa-devel@...a-project.org,
	Daniel Mack <zonque@...il.com>,
	Lucas De Marchi <lucas.demarchi@...fusion.mobi>,
	Torsten Schenk <torsten.schenk@...o.com>,
	Jaroslav Kysela <perex@...ex.cz>
Subject: Re: [PATCH] Sound, 6Fire USB: Fix double-free bug in usb6fire_fw_ezusb_upload()

At Mon, 13 Jun 2011 23:52:02 +0200 (CEST),
Jesper Juhl wrote:
> 
> We have a double-free bug in 
> sound/usb/6fire/firmware.c::usb6fire_fw_ezusb_upload().
> We already call release_firmware(fw) on line 258, so when we then do it 
> again after usb6fire_fw_ezusb_write() returns <0, we have a double-free.
> Easily fixed by just removing the last call to release_firmware().
> 
> Signed-off-by: Jesper Juhl <jj@...osbits.net>

Applied now.  Thanks.


Takashi

> ---
>  firmware.c |    1 -
>  1 file changed, 1 deletion(-)
> 
>   Patch against Linus' tree (head at 40779859de0f73b40390c6401a024d06cf024290).
> 
> diff --git a/sound/usb/6fire/firmware.c b/sound/usb/6fire/firmware.c
> index a91719d..1e3ae33 100644
> --- a/sound/usb/6fire/firmware.c
> +++ b/sound/usb/6fire/firmware.c
> @@ -270,7 +270,6 @@ static int usb6fire_fw_ezusb_upload(
>  	data = 0x00; /* resume ezusb cpu */
>  	ret = usb6fire_fw_ezusb_write(device, 0xa0, 0xe600, &data, 1);
>  	if (ret < 0) {
> -		release_firmware(fw);
>  		snd_printk(KERN_ERR PREFIX "unable to upload ezusb "
>  				"firmware %s: end message.\n", fwname);
>  		return ret;
> 
> 
> -- 
> Jesper Juhl <jj@...osbits.net>       http://www.chaosbits.net/
> Don't top-post http://www.catb.org/jargon/html/T/top-post.html
> Plain text mails only, please.
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ