Commit 2f8f0870 authored by Samuel Thibault's avatar Samuel Thibault Committed by Yang Yingliang
Browse files

speakup: Reject setting the speakup line discipline outside of speakup 



mainline inclusion
from mainline-v5.10-rc7
commit f0992098
category: bugfix
bugzilla: NA
CVE: CVE-2020-27830

--------------------------------

Speakup exposing a line discipline allows userland to try to use it,
while it is deemed to be useless, and thus uselessly exposes potential
bugs. One of them is simply that in such a case if the line sends data,
spk_ttyio_receive_buf2 is called and crashes since spk_ttyio_synth
is NULL.

This change restricts the use of the speakup line discipline to
speakup drivers, thus avoiding such kind of issues altogether.

Cc: stable@vger.kernel.org
Reported-by: default avatarShisong Qin <qinshisong1205@gmail.com>
Signed-off-by: default avatarSamuel Thibault <samuel.thibault@ens-lyon.org>
Tested-by: default avatarShisong Qin <qinshisong1205@gmail.com>
Link: https://lore.kernel.org/r/20201129193523.hm3f6n5xrn6fiyyc@function


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Conflicts:
  drivers/accessibility/speakup/spk_ttyio.c
[yyl: spk_ttyio.c is in drivers/staging/speakup/ in kernel-4.19]
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Reviewed-by: default avatarJason Yan <yanaijie@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent 8b47bf49
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment