From: Greg Kroah-Hartman Date: Sat, 17 Oct 2020 11:29:30 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v4.4.241~60 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=69147b1c893226d2f8352dc937a967d73ae36a84;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: alsa-bebob-potential-info-leak-in-hwdep_read.patch --- diff --git a/queue-4.9/alsa-bebob-potential-info-leak-in-hwdep_read.patch b/queue-4.9/alsa-bebob-potential-info-leak-in-hwdep_read.patch new file mode 100644 index 00000000000..833ced5ffeb --- /dev/null +++ b/queue-4.9/alsa-bebob-potential-info-leak-in-hwdep_read.patch @@ -0,0 +1,40 @@ +From b41c15f4e1c1f1657da15c482fa837c1b7384452 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 7 Oct 2020 10:49:28 +0300 +Subject: ALSA: bebob: potential info leak in hwdep_read() + +From: Dan Carpenter + +commit b41c15f4e1c1f1657da15c482fa837c1b7384452 upstream. + +The "count" variable needs to be capped on every path so that we don't +copy too much information to the user. + +Fixes: 618eabeae711 ("ALSA: bebob: Add hwdep interface") +Signed-off-by: Dan Carpenter +Acked-by: Takashi Sakamoto +Cc: +Link: https://lore.kernel.org/r/20201007074928.GA2529578@mwanda +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/firewire/bebob/bebob_hwdep.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/sound/firewire/bebob/bebob_hwdep.c ++++ b/sound/firewire/bebob/bebob_hwdep.c +@@ -37,12 +37,11 @@ hwdep_read(struct snd_hwdep *hwdep, char + } + + memset(&event, 0, sizeof(event)); ++ count = min_t(long, count, sizeof(event.lock_status)); + if (bebob->dev_lock_changed) { + event.lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS; + event.lock_status.status = (bebob->dev_lock_count > 0); + bebob->dev_lock_changed = false; +- +- count = min_t(long, count, sizeof(event.lock_status)); + } + + spin_unlock_irq(&bebob->lock); diff --git a/queue-4.9/series b/queue-4.9/series index 9374b3b0325..6419e709a14 100644 
--- a/queue-4.9/series +++ b/queue-4.9/series @@ -2,3 +2,4 @@ ibmveth-identify-ingress-large-send-packets.patch tipc-fix-the-skb_unshare-in-tipc_buf_append.patch net-ipv4-always-honour-route-mtu-during-forwarding.patch r8169-fix-data-corruption-issue-on-rtl8402.patch +alsa-bebob-potential-info-leak-in-hwdep_read.patch
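Review bot: In the `bebob_hwdep.c` hunk, the relocated `count = min_t(long, count, sizeof(event.lock_status));` line now sits between the `memset()` and the `if (bebob->dev_lock_changed)` test with nothing to say why it must stay outside the conditional, so a later cleanup could move it back into the branch and reintroduce the uncapped path the commit message describes. A one-line comment above it, stating that `count` bounds the copy to user space on every path and not only when the lock status changed, would document the invariant. Note also that on the path where `dev_lock_changed` is false the reader now receives up to `sizeof(event.lock_status)` bytes of the zeroed `event`, and that the bound is tied to the `lock_status` member: if this function ever fills in another member of `event`, the cap has to be revisited along with it.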