sound: ensure device number is valid in snd_seq_oss_synth_make_info snd_seq_oss_synth_make_info() incorrectly reports information to userspace without first checking for the validity of the device number, leading to possible information leak (CVE-2008-3272). Reported-By: Tobias Klein <tk@trapkit.de> Acked-and-tested-by: Takashi Iwai <tiwai@suse.de> Cc: stable@kernel.org Signed-off-by: Willy Tarreau <w@1wt.eu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 82e68f7ffec3800425f2391c8c86277606860442 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Sat Aug 02 18:25:16 2008 +0200
committer: Linus Torvalds <torvalds@linux-foundation.org> Mon Aug 04 17:03:26 2008 -0700
tree: dd0133edc67252f786d16541a7475dfe52b845d8
parent: 82248a5e92793014d156a12dbcbba633794ce9f8 [diff] [blame]
diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c
index 558dadb..e024e45 100644
--- a/sound/core/seq/oss/seq_oss_synth.c
+++ b/sound/core/seq/oss/seq_oss_synth.c

@@ -604,6 +604,9 @@
 {
 	struct seq_oss_synth *rec;
 
+	if (dev < 0 || dev >= dp->max_synthdev)
+		return -ENXIO;
+
 	if (dp->synths[dev].is_midi) {
 		struct midi_info minf;
 		snd_seq_oss_midi_make_info(dp, dp->synths[dev].midi_mapped, &minf);
commit	82e68f7ffec3800425f2391c8c86277606860442	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Sat Aug 02 18:25:16 2008 +0200
committer	Linus Torvalds <torvalds@linux-foundation.org>	Mon Aug 04 17:03:26 2008 -0700
tree	dd0133edc67252f786d16541a7475dfe52b845d8
parent	82248a5e92793014d156a12dbcbba633794ce9f8 [diff] [blame]