usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
authorShuah Khan <shuahkh@osg.samsung.com>
Thu, 7 Dec 2017 21:16:48 +0000 (14:16 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 8 Dec 2017 16:32:23 +0000 (17:32 +0100)
commitc6688ef9f29762e65bce325ef4acd6c675806366
tree083ad6fdada35ec3ccbe4c637f92cc210ad7f5d0
parent635f545a7e8be7596b9b2b6a43cab6bbd5a88e43
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input

Harden CMD_SUBMIT path to handle malicious input that could trigger
large memory allocations. Add checks to validate transfer_buffer_length
and number_of_packets to protect against bad input requesting for
unbounded memory allocations. Validate early in get_pipe() and return
failure.

Reported-by: Secunia Research <vuln@secunia.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/usbip/stub_rx.c