diff options
author | Shuah Khan <shuahkh@osg.samsung.com> | 2017-12-07 22:16:48 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-12-08 17:32:23 +0100 |
commit | c6688ef9f29762e65bce325ef4acd6c675806366 (patch) | |
tree | 083ad6fdada35ec3ccbe4c637f92cc210ad7f5d0 /tools/usb | |
parent | usbip: fix stub_rx: get_pipe() to validate endpoint number (diff) | |
download | linux-c6688ef9f29762e65bce325ef4acd6c675806366.tar.xz linux-c6688ef9f29762e65bce325ef4acd6c675806366.zip |
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
Harden CMD_SUBMIT path to handle malicious input that could trigger
large memory allocations. Add checks to validate transfer_buffer_length
and number_of_packets to protect against bad input requesting for
unbounded memory allocations. Validate early in get_pipe() and return
failure.
Reported-by: Secunia Research <vuln@secunia.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'tools/usb')
0 files changed, 0 insertions, 0 deletions