linux/sound/core/seq
Takashi Iwai 27f7ad5382 ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
The error handling in snd_seq_oss_open() has several bad codes that
do dereferencing of released pointers and double-free of kmalloc'ed data.
The object dp is released in free_devinfo() that is called via
private_free callback.  The rest shouldn't touch this object any more.

The patch changes delete_port() to call kfree() in any case, and gets
rid of unnecessary calls of destructors in snd_seq_oss_open().

Fixes CVE-2010-3080.

Reported-and-tested-by: Tavis Ormandy <taviso@cmpxchg8b.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-08 10:45:34 +02:00
oss ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open() 2010-09-08 10:45:34 +02:00
Kconfig ALSA: clean up the logic for building sequencer modules 2009-05-29 11:49:42 +02:00
Makefile ALSA: OSS sequencer should be initialized after snd_seq_system_client_init 2009-07-19 19:10:01 +02:00
seq_clientmgr.c ALSA: core - Define llseek fops 2010-04-13 12:01:21 +02:00
seq_clientmgr.h [ALSA] sound/core/seq: move declarations of globally visible variables to proper headers 2008-01-31 17:29:35 +01:00
seq_compat.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
seq_device.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
seq_dummy.c [ALSA] Remove sound/driver.h 2008-01-31 17:29:48 +01:00
seq_fifo.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
seq_fifo.h [ALSA] Remove xxx_t typedefs: Sequencer 2006-01-03 12:17:52 +01:00
seq_info.c [ALSA] Remove sound/driver.h 2008-01-31 17:29:48 +01:00
seq_info.h [ALSA] Optimize for config without PROC_FS (seq and oss parts) 2006-01-03 12:30:05 +01:00
seq_lock.c [ALSA] Remove sound/driver.h 2008-01-31 17:29:48 +01:00
seq_lock.h
seq_memory.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
seq_memory.h spelling fixes 2006-06-26 18:35:02 +02:00
seq_midi_emul.c [ALSA] Remove sound/driver.h 2008-01-31 17:29:48 +01:00
seq_midi_event.c sound: seq_midi_event: fix decoding of (N)RPN events 2009-06-22 11:11:49 +02:00
seq_midi.c sound: rawmidi: disable active-sensing-on-close by default 2009-07-15 11:57:20 +02:00
seq_ports.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
seq_ports.h [ALSA] Remove xxx_t typedefs: Sequencer 2006-01-03 12:17:52 +01:00
seq_prioq.c ALSA: Add missing KERN_* prefix to printk in sound/core 2009-02-05 16:00:49 +01:00
seq_prioq.h [ALSA] Remove xxx_t typedefs: Sequencer 2006-01-03 12:17:52 +01:00
seq_queue.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
seq_queue.h [ALSA] semaphore -> mutex (core part) 2006-03-22 10:24:50 +01:00
seq_system.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
seq_system.h [ALSA] Remove xxx_t typedefs: Sequencer 2006-01-03 12:17:52 +01:00
seq_timer.c sound: seq_timer: simplify snd_seq_timer_set_tick_resolution() parameters 2010-01-18 16:38:30 +01:00
seq_timer.h [ALSA] sound/core/seq: move declarations of globally visible variables to proper headers 2008-01-31 17:29:35 +01:00
seq_virmidi.c [ALSA] Remove sound/driver.h 2008-01-31 17:29:48 +01:00
seq.c ALSA: Add hrtimer backend for ALSA timer interface 2008-10-24 18:16:50 +02:00