Fwd: Re: [alsa-devel] /proc/asound/card0/oss_mixer stack corruption
David Henningsson
david.henningsson at canonical.com
Wed Aug 27 11:04:15 UTC 2014
On 2014-08-27 12:46, Andy Whitcroft wrote:
> On Fri, Aug 22, 2014 at 09:13:37AM +0200, David Henningsson wrote:
>> Just cross-posting this here because it looks quite severe. (And possibly a
>> security issue?)
>>
>> We don't have any oss_mixer files AFAIK, but according to the post below, it
>> should apply to eld* files too, present for almost every HDMI audio card out
>> there.
>> So I tried "printf %64s > /proc/asound/card0/eld#0.0" but did not notice
>> anything - but maybe this is either because of the stack layout of the
>> actual function, or because we configure the kernel without the stack
>> checking used here to discover.
>>
>> Either way, looks like it should be fixed ASAP.
>
> This appears to be, in Takashi Iwai's tree, looks to be pending on
> his for-linus branch, so I expect that to be with him in the next merge
> request. It also is marked for stable, so we should expect to see it
> popping into those trees pretty soon after:
>
> commit ddc64b278a4dda052390b3de1b551e59acdff105
> Author: Clemens Ladisch <clemens at ladisch.de>
> Date: Thu Aug 21 20:55:21 2014 +0200
>
> ALSA: core: fix buffer overflow in snd_info_get_line()
Right. Then I'm just flagging that this one should probably go through
security review, as it might also be suitable for security kernels (not
sure how you determine which patches go there).
--
David Henningsson, Canonical Ltd.
https://launchpad.net/~diwic
More information about the kernel-team
mailing list