Please apply commit 9453264ef586 ("media: go7007: fix a miss of snd_card_free") to v4.9.y up to v5.4.y - Linux-stable-mirror

6 Jun 2020

Hi
Could you please apply 9453264ef586 ("media: go7007: fix a miss of
snd_card_free") to v4.9.y up to v5.4.y stable series? The fix is
related to CVE-2019-20810.
The commit can be cherry-picked as is for 5.4.y but needs a small
adjustment for context for versions which do not contain c0decac19da3
("media: use strscpy() instead of strlcpy()") and ba78170ef153
("media: go7007: Fix misuse of strscpy"). Attached a respective patch
which applies with that refresh back to v4.9.y.
Regards,
Salvatore
...
From fd93d8ec8b3447fd29509d2d2f92352e26ff3804 Mon Sep 17 00:00:00 2001
From: Chuhong Yuan hslester96@gmail.com
Date: Tue, 10 Dec 2019 04:15:48 +0100
Subject: [PATCH] media: go7007: fix a miss of snd_card_free
go7007_snd_init() misses a snd_card_free() in an error path.
Add the missed call to fix it.
Signed-off-by: Chuhong Yuan hslester96@gmail.com
Signed-off-by: Hans Verkuil hverkuil-cisco@xs4all.nl
Signed-off-by: Mauro Carvalho Chehab mchehab+huawei@kernel.org
[Salvatore Bonaccorso: Adjust context for backport to versions which do
not contain c0decac19da3 ("media: use strscpy() instead of strlcpy()")
and ba78170ef153 ("media: go7007: Fix misuse of strscpy")]
Signed-off-by: Salvatore Bonaccorso carnil@debian.org
---
 drivers/media/usb/go7007/snd-go7007.c | 35 +++++++++++++--------------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/drivers/media/usb/go7007/snd-go7007.c b/drivers/media/usb/go7007/snd-go7007.c
index 137fc253b122..96c37a131deb 100644
--- a/drivers/media/usb/go7007/snd-go7007.c
+++ b/drivers/media/usb/go7007/snd-go7007.c
@@ -244,22 +244,18 @@ int go7007_snd_init(struct go7007 *go)
    gosnd->capturing = 0;
    ret = snd_card_new(go->dev, index[dev], id[dev], THIS_MODULE, 0,
    		   &gosnd->card);
-	if (ret < 0) {
-		kfree(gosnd);
-		return ret;
-	}
+	if (ret < 0)
+		goto free_snd;
+
    ret = snd_device_new(gosnd->card, SNDRV_DEV_LOWLEVEL, go,
    		&go7007_snd_device_ops);
-	if (ret < 0) {
-		kfree(gosnd);
-		return ret;
-	}
+	if (ret < 0)
+		goto free_card;
+
    ret = snd_pcm_new(gosnd->card, "go7007", 0, 0, 1, &gosnd->pcm);
-	if (ret < 0) {
-		snd_card_free(gosnd->card);
-		kfree(gosnd);
-		return ret;
-	}
+	if (ret < 0)
+		goto free_card;
+
    strlcpy(gosnd->card->driver, "go7007", sizeof(gosnd->card->driver));
    strlcpy(gosnd->card->shortname, go->name, sizeof(gosnd->card->driver));
    strlcpy(gosnd->card->longname, gosnd->card->shortname,
@@ -270,11 +266,8 @@ int go7007_snd_init(struct go7007 *go)
    		&go7007_snd_capture_ops);
ret = snd_card_register(gosnd->card);
-	if (ret < 0) {
-		snd_card_free(gosnd->card);
-		kfree(gosnd);
-		return ret;
-	}
+	if (ret < 0)
+		goto free_card;
gosnd->substream = NULL;
    go->snd_context = gosnd;
@@ -282,6 +275,12 @@ int go7007_snd_init(struct go7007 *go)
    ++dev;
return 0;
+
+free_card:
+	snd_card_free(gosnd->card);
+free_snd:
+	kfree(gosnd);
+	return ret;
 }
 EXPORT_SYMBOL(go7007_snd_init);
-- 
2.27.0.rc0


    