sound: ensure device number is valid in snd_seq_oss_synth_make_info
snd_seq_oss_synth_make_info() incorrectly reports information to userspace without first checking for the validity of the device number, leading to possible information leak (CVE-2008-3272). Reported-By: Tobias Klein <tk@trapkit.de> Acked-and-tested-by: Takashi Iwai <tiwai@suse.de> Cc: stable@kernel.org Signed-off-by: Willy Tarreau <w@1wt.eu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
82248a5e92
commit
82e68f7ffe
|
@ -604,6 +604,9 @@ snd_seq_oss_synth_make_info(struct seq_oss_devinfo *dp, int dev, struct synth_in
|
||||||
{
|
{
|
||||||
struct seq_oss_synth *rec;
|
struct seq_oss_synth *rec;
|
||||||
|
|
||||||
|
if (dev < 0 || dev >= dp->max_synthdev)
|
||||||
|
return -ENXIO;
|
||||||
|
|
||||||
if (dp->synths[dev].is_midi) {
|
if (dp->synths[dev].is_midi) {
|
||||||
struct midi_info minf;
|
struct midi_info minf;
|
||||||
snd_seq_oss_midi_make_info(dp, dp->synths[dev].midi_mapped, &minf);
|
snd_seq_oss_midi_make_info(dp, dp->synths[dev].midi_mapped, &minf);
|
||||||
|
|
Loading…
Reference in New Issue