Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / f3e957266ae56c200fb13a42309c50f84576c64a
commitf3e957266ae56c200fb13a42309c50f84576c64a[log] [tgz]
authorShuah Khan <shuahkh@osg.samsung.com>Thu Dec 07 14:16:48 2017 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Wed Dec 20 10:07:16 2017 +0100
treec497bc1e7f2984f0d9a73f9f55bac88ed7987de0
parentb6dbace92ed744a80af75036e93615324cd27aec [diff]
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input

commit c6688ef9f29762e65bce325ef4acd6c675806366 upstream.

Harden CMD_SUBMIT path to handle malicious input that could trigger
large memory allocations. Add checks to validate transfer_buffer_length
and number_of_packets to protect against bad input requesting for
unbounded memory allocations. Validate early in get_pipe() and return
failure.

Reported-by: Secunia Research <vuln@secunia.com>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: c497bc1e7f2984f0d9a73f9f55bac88ed7987de0
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS