DivestOS/Patches/Linux_CVEs/CVE-2014-4656/1.patch

From f7500568b7633324e7c4282bb8baa3ff3f17fd7a Mon Sep 17 00:00:00 2001
From: Lars-Peter Clausen <lars@metafoo.de>
Date: Wed, 18 Jun 2014 13:32:35 +0200
Subject: ALSA: control: Make sure that id->index does not overflow

commit 883a1d49f0d77d30012f114b2e19fc141beb3e8e upstream.

The ALSA control code expects that the range of assigned indices to a control is
continuous and does not overflow. Currently there are no checks to enforce this.
If a control with a overflowing index range is created that control becomes
effectively inaccessible and unremovable since snd_ctl_find_id() will not be
able to find it. This patch adds a check that makes sure that controls with a
overflowing index range can not be created.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Acked-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 sound/core/control.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sound/core/control.c b/sound/core/control.c
index d3f17de..9210594 100644
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -341,6 +341,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
 	if (snd_BUG_ON(!card || !kcontrol->info))
 		goto error;
 	id = kcontrol->id;
+	if (id.index > UINT_MAX - kcontrol->count)
+		goto error;
+
 	down_write(&card->controls_rwsem);
 	if (snd_ctl_find_id(card, &id)) {
 		up_write(&card->controls_rwsem);
-- 
cgit v1.1
Add patches for many Linux CVEs, and overhaul script paths 2017-10-29 01:48:53 -04:00			`From f7500568b7633324e7c4282bb8baa3ff3f17fd7a Mon Sep 17 00:00:00 2001`
			`From: Lars-Peter Clausen <lars@metafoo.de>`
			`Date: Wed, 18 Jun 2014 13:32:35 +0200`
			`Subject: ALSA: control: Make sure that id->index does not overflow`

			`commit 883a1d49f0d77d30012f114b2e19fc141beb3e8e upstream.`

			`The ALSA control code expects that the range of assigned indices to a control is`
			`continuous and does not overflow. Currently there are no checks to enforce this.`
			`If a control with a overflowing index range is created that control becomes`
			`effectively inaccessible and unremovable since snd_ctl_find_id() will not be`
			`able to find it. This patch adds a check that makes sure that controls with a`
			`overflowing index range can not be created.`

			`Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>`
			`Acked-by: Jaroslav Kysela <perex@perex.cz>`
			`Signed-off-by: Takashi Iwai <tiwai@suse.de>`
			`Signed-off-by: Ben Hutchings <ben@decadent.org.uk>`
			`---`
			`sound/core/control.c \| 3 +++`
			`1 file changed, 3 insertions(+)`

			`diff --git a/sound/core/control.c b/sound/core/control.c`
			`index d3f17de..9210594 100644`
			`--- a/sound/core/control.c`
			`+++ b/sound/core/control.c`
			`@@ -341,6 +341,9 @@ int snd_ctl_add(struct snd_card card, struct snd_kcontrol kcontrol)`
			`if (snd_BUG_ON(!card \|\| !kcontrol->info))`
			`goto error;`
			`id = kcontrol->id;`
			`+ if (id.index > UINT_MAX - kcontrol->count)`
			`+ goto error;`
			`+`
			`down_write(&card->controls_rwsem);`
			`if (snd_ctl_find_id(card, &id)) {`
			`up_write(&card->controls_rwsem);`
			`--`
			`cgit v1.1`