Piteball/android_kernel_samsung_msm8226
1
0
Fork 0
mirror of https://github.com/S3NEO/android_kernel_samsung_msm8226.git synced 2024-11-07 03:47:13 +00:00
Code Issues Projects Releases Packages Wiki Activity
android_kernel_samsung_msm8226/sound/usb
History
Hui Peng e211a68fc9 ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit 
commit daac07156b330b18eb5071aec4b3ddca1c377f2c upstream.

The `uac_mixer_unit_descriptor` shown as below is read from the
device side. In `parse_audio_mixer_unit`, `baSourceID` field is
accessed from index 0 to `bNrInPins` - 1, the current implementation
assumes that descriptor is always valid (the length  of descriptor
is no shorter than 5 + `bNrInPins`). If a descriptor read from
the device side is invalid, it may trigger out-of-bound memory
access.

```
struct uac_mixer_unit_descriptor {
	__u8 bLength;
	__u8 bDescriptorType;
	__u8 bDescriptorSubtype;
	__u8 bUnitID;
	__u8 bNrInPins;
	__u8 baSourceID[];
}
```

This patch fixes the bug by add a sanity check on the length of
the descriptor.

Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Signed-off-by: Hui Peng <benquike@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
CVE-2019-15117
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Change-Id: I4173c102a7f0752d8113823f5070ccb7de5f8914
2020-04-18 17:55:14 +02:00
..
6fire Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
caiaq usb: replace %p with %pK 2020-01-06 08:40:28 +01:00
misc Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
usx2y usb: replace %p with %pK 2020-01-06 08:40:28 +01:00
card.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
card.h Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
clock.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
clock.h
debug.h ALSA: usb-audio: make hwc_debug a noop in case HW_CONST_DEBUG is not set 2011-05-18 11:44:35 +02:00
endpoint.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
endpoint.h ALSA: snd-usb: move code from urb.c to endpoint.c 2011-09-14 17:07:03 +02:00
format.c ALSA: usb-audio: avoid integer overflow in create_fixed_stream_quirk() 2012-02-15 14:58:15 +01:00
format.h
helper.c ALSA: usb-audio: increase control transfer timeout 2011-09-27 09:21:48 +02:00
helper.h ALSA: usb-audio: increase control transfer timeout 2011-09-27 09:21:48 +02:00
Kconfig ALSA: snd-usb-6fire: Select missing SND_VMASTER option in Kconfig 2012-02-25 11:07:19 +01:00
Makefile misc: fix some GCC warnings 2020-01-06 08:40:46 +01:00
midi.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
midi.h
mixer.c ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit 2020-04-18 17:55:14 +02:00
mixer.h misc: Import SM-G900H kernel source code 2019-08-02 15:14:10 +02:00
mixer_maps.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
mixer_quirks.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
mixer_quirks.h Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
pcm.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
pcm.h ALSA: usb: refine delay information with USB frame counter 2011-09-12 10:30:20 +02:00
power.h ALSA: usbaudio: implement USB autosuspend 2011-03-11 14:59:29 +01:00
proc.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
proc.h
quirks-table.h Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
quirks.c ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk() 2019-08-06 12:17:39 +02:00
quirks.h
stream.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
stream.h ALSA: snd-usb: re-order code 2011-09-14 17:07:02 +02:00
usbaudio.h Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00