original_kernel/sound/core/seq
Takashi Iwai 27f7ad5382 ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
The error handling in snd_seq_oss_open() has several bad codes that
do dereferecing released pointers and double-free of kmalloc'ed data.
The object dp is release in free_devinfo() that is called via
private_free callback.  The rest shouldn't touch this object any more.

The patch changes delete_port() to call kfree() in any case, and gets
rid of unnecessary calls of destructors in snd_seq_oss_open().

Fixes CVE-2010-3080.

Reported-and-tested-by: Tavis Ormandy <taviso@cmpxchg8b.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-08 10:45:34 +02:00
..
oss ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open() 2010-09-08 10:45:34 +02:00
Kconfig
Makefile
seq.c
seq_clientmgr.c ALSA: core - Define llseek fops 2010-04-13 12:01:21 +02:00
seq_clientmgr.h
seq_compat.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
seq_device.c
seq_dummy.c
seq_fifo.c
seq_fifo.h
seq_info.c
seq_info.h
seq_lock.c
seq_lock.h
seq_memory.c
seq_memory.h
seq_midi.c
seq_midi_emul.c
seq_midi_event.c
seq_ports.c
seq_ports.h
seq_prioq.c
seq_prioq.h
seq_queue.c
seq_queue.h
seq_system.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
seq_system.h
seq_timer.c
seq_timer.h
seq_virmidi.c