From: Shuah Khan <shuahkh@osg.samsung.com>
Date: Thu, 7 Dec 2017 21:16:48 +0000 (-0700)
Subject: usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=629f509078f02bf65da3ecca8363104b08a3fdd7;p=pandora-kernel.git

usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input

commit c6688ef9f29762e65bce325ef4acd6c675806366 upstream.

Harden CMD_SUBMIT path to handle malicious input that could trigger
large memory allocations. Add checks to validate transfer_buffer_length
and number_of_packets to protect against bad input requesting for
unbounded memory allocations. Validate early in get_pipe() and return
failure.

Reported-by: Secunia Research <vuln@secunia.com>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[bwh: Backported to 3.2:
 - Device for logging purposes is &sdev->interface->dev
 - Adjust filename, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---

Reading git-diff-tree failed