This is a note to let you know that I've just added the patch titled
ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl
to the 2.6.38-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
alsa-sound-pci-asihpi-check-adapter-index-in-hpi_ioctl.patch
and it can be found in the queue-2.6.38 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 4a122c10fbfe9020df469f0f669da129c5757671 Mon Sep 17 00:00:00 2001
From: Dan Rosenberg <[email protected]>
Date: Thu, 17 Mar 2011 18:32:24 -0400
Subject: ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl
From: Dan Rosenberg <[email protected]>
commit 4a122c10fbfe9020df469f0f669da129c5757671 upstream.
The user-supplied index into the adapters array needs to be checked, or
an out-of-bounds kernel pointer could be accessed and used, leading to
potentially exploitable memory corruption.
Signed-off-by: Dan Rosenberg <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/asihpi/hpioctl.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/sound/pci/asihpi/hpioctl.c
+++ b/sound/pci/asihpi/hpioctl.c
@@ -155,6 +155,11 @@ long asihpi_hpi_ioctl(struct file *file,
goto out;
}
+ if (hm->h.adapter_index >= HPI_MAX_ADAPTERS) {
+ err = -EINVAL;
+ goto out;
+ }
+
pa = &adapters[hm->h.adapter_index];
hr->h.size = 0;
if (hm->h.object == HPI_OBJ_SUBSYSTEM) {
Patches currently in stable-queue which might be from [email protected]
are
queue-2.6.38/alsa-sound-pci-asihpi-check-adapter-index-in-hpi_ioctl.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
