summaryrefslogtreecommitdiffstats
path: root/tools/usb
diff options
context:
space:
mode:
authorShuah Khan <shuahkh@osg.samsung.com>2017-12-07 22:16:48 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2017-12-08 17:32:23 +0100
commitc6688ef9f29762e65bce325ef4acd6c675806366 (patch)
tree083ad6fdada35ec3ccbe4c637f92cc210ad7f5d0 /tools/usb
parentusbip: fix stub_rx: get_pipe() to validate endpoint number (diff)
downloadlinux-c6688ef9f29762e65bce325ef4acd6c675806366.tar.xz
linux-c6688ef9f29762e65bce325ef4acd6c675806366.zip
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
Harden CMD_SUBMIT path to handle malicious input that could trigger large memory allocations. Add checks to validate transfer_buffer_length and number_of_packets to protect against bad input requesting for unbounded memory allocations. Validate early in get_pipe() and return failure. Reported-by: Secunia Research <vuln@secunia.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'tools/usb')
0 files changed, 0 insertions, 0 deletions