This is a note to let you know that I've just added the patch titled
ASoC: ab8500-codec: info leak in anc_status_control_put()
to the 3.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
asoc-ab8500-codec-info-leak-in-anc_status_control_put.patch
and it can be found in the queue-3.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From d63733aed90b432e5cc489ddfa28e342f91b4652 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Date: Fri, 13 Sep 2013 10:53:36 +0300
Subject: ASoC: ab8500-codec: info leak in anc_status_control_put()
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
commit d63733aed90b432e5cc489ddfa28e342f91b4652 upstream.
If the user passes an invalid value it leads to an info leak when we
print the error message or it could oops. This is called with user
supplied data from snd_ctl_elem_write().
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
sound/soc/codecs/ab8500-codec.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/sound/soc/codecs/ab8500-codec.c
+++ b/sound/soc/codecs/ab8500-codec.c
@@ -1225,13 +1225,18 @@ static int anc_status_control_put(struct
struct ab8500_codec_drvdata *drvdata = dev_get_drvdata(codec->dev);
struct device *dev = codec->dev;
bool apply_fir, apply_iir;
- int req, status;
+ unsigned int req;
+ int status;
dev_dbg(dev, "%s: Enter.\n", __func__);
mutex_lock(&drvdata->anc_lock);
req = ucontrol->value.integer.value[0];
+ if (req >= ARRAY_SIZE(enum_anc_state)) {
+ status = -EINVAL;
+ goto cleanup;
+ }
if (req != ANC_APPLY_FIR_IIR && req != ANC_APPLY_FIR &&
req != ANC_APPLY_IIR) {
dev_err(dev, "%s: ERROR: Unsupported status to set '%s'!\n",
Patches currently in stable-queue which might be from dan.carpenter@xxxxxxxxxx are
queue-3.10/cciss-fix-info-leak-in-cciss_ioctl32_passthru.patch
queue-3.10/cpqarray-fix-info-leak-in-ida_locked_ioctl.patch
queue-3.10/asoc-max98095-a-couple-array-underflows.patch
queue-3.10/asoc-ab8500-codec-info-leak-in-anc_status_control_put.patch
queue-3.10/net-sctp-fix-smatch-warning-in-sctp_send_asconf_del_ip.patch
queue-3.10/asoc-88pm860x-array-overflow-in-snd_soc_put_volsw_2r_st.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html