FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-01-28 22:38:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/drivers/usb/usbip
History
Ignat Korchagin b348d7dddb USB: usbip: fix potential out-of-bounds write 
Fix potential out-of-bounds write to urb->transfer_buffer
usbip handles network communication directly in the kernel. When receiving a
packet from its peer, usbip code parses headers according to protocol. As
part of this parsing urb->actual_length is filled. Since the input for
urb->actual_length comes from the network, it should be treated as untrusted.
Any entity controlling the network may put any value in the input and the
preallocated urb->transfer_buffer may not be large enough to hold the data.
Thus, the malicious entity is able to write arbitrary data to kernel memory.

Signed-off-by: Ignat Korchagin <ignat.korchagin@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-03-30 21:55:36 -07:00
..
Kconfig
Makefile
README
stub_dev.c
stub_main.c
stub_rx.c
stub_tx.c
stub.h
usbip_common.c
USB: usbip: fix potential out-of-bounds write
2016-03-30 21:55:36 -07:00
usbip_common.h
usbip_event.c
vhci_hcd.c
vhci_rx.c
vhci_sysfs.c
vhci_tx.c
vhci.h

README 

TODO:
	- more discussion about the protocol
	- testing
	- review of the userspace interface
	- document the protocol

Please send patches for this code to Greg Kroah-Hartman <greg@kroah.com>