linux

History

Hui Peng daac07156b ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit The `uac_mixer_unit_descriptor` shown as below is read from the device side. In `parse_audio_mixer_unit`, `baSourceID` field is accessed from index 0 to `bNrInPins` - 1, the current implementation assumes that descriptor is always valid (the length of descriptor is no shorter than 5 + `bNrInPins`). If a descriptor read from the device side is invalid, it may trigger out-of-bound memory access. ``` struct uac_mixer_unit_descriptor { __u8 bLength; __u8 bDescriptorType; __u8 bDescriptorSubtype; __u8 bUnitID; __u8 bNrInPins; __u8 baSourceID[]; } ``` This patch fixes the bug by add a sanity check on the length of the descriptor. Reported-by: Hui Peng <benquike@gmail.com> Reported-by: Mathias Payer <mathias.payer@nebelwelt.net> Cc: <stable@vger.kernel.org> Signed-off-by: Hui Peng <benquike@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>		2019-08-14 20:05:56 +02:00
..
ac97	ALSA: ac97: Fix double free of ac97_codec_device	2019-07-23 14:16:11 +02:00
aoa	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 250	2019-06-19 17:09:08 +02:00
arm	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
atmel	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
core	ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain	2019-07-29 19:05:42 +02:00
drivers	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
firewire	ALSA: firewire: fix a memory leak bug	2019-08-08 11:12:26 +02:00
hda	ALSA: hda: Fix 1-minute detection delay when i915 module is not available	2019-07-27 08:31:46 +02:00
i2c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
isa	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 371	2019-06-05 17:37:10 +02:00
mips	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 176	2019-05-30 11:29:19 -07:00
oss	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
parisc	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 176	2019-05-30 11:29:19 -07:00
pci	ALSA: hda - Add a generic reboot_notify	2019-08-14 08:38:23 +02:00
pcmcia	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
ppc	ALSA: ps3: Remove Unneeded variable: "ret"	2019-07-10 11:53:31 +02:00
sh	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 273	2019-06-05 17:30:30 +02:00
soc	ASoC: Fixes for v5.3	2019-08-06 12:28:28 +02:00
sparc	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
spi	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
synth	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
usb	ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit	2019-08-14 20:05:56 +02:00
x86	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285	2019-06-05 17:36:37 +02:00
xen	ASoC: Updates for v5.3	2019-07-08 14:45:34 +02:00
ac97_bus.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152	2019-05-30 11:26:32 -07:00
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
last.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
Makefile	ALSA: xen-front: Introduce Xen para-virtualized sound frontend driver	2018-05-16 12:58:36 +02:00
sound_core.c	sound: fix a memory leak bug	2019-08-08 08:18:32 +02:00