linux-stable.git/tools/usb/usbip/libsrc, branch linux-4.4.y Linux kernel stable tree usbip: Fix potential format overflow in userspace tools 2018-01-31T11:06:07+00:00 Jonathan Dieter jdieter@lesbg.com 2017-02-27T08:31:03+00:00 579a9885cfe40645bc62207f318d172c4cad7942 commit e5dfa3f902b9a642ae8c6997d57d7c41e384a90b upstream. The usbip userspace tools call sprintf()/snprintf() and don't check for the return value which can lead the paths to overflow, truncating the final file in the path. More urgently, GCC 7 now warns that these aren't checked with -Wformat-overflow, and with -Werror enabled in configure.ac, that makes these tools unbuildable. This patch fixes these problems by replacing sprintf() with snprintf() in one place and adding checks for the return value of snprintf(). Reviewed-by: Peter Senna Tschudin <peter.senna@gmail.com> Signed-off-by: Jonathan Dieter <jdieter@lesbg.com> Acked-by: Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit e5dfa3f902b9a642ae8c6997d57d7c41e384a90b upstream.

The usbip userspace tools call sprintf()/snprintf() and don't check for
the return value which can lead the paths to overflow, truncating the
final file in the path.

More urgently, GCC 7 now warns that these aren't checked with
-Wformat-overflow, and with -Werror enabled in configure.ac, that makes
these tools unbuildable.

This patch fixes these problems by replacing sprintf() with snprintf() in
one place and adding checks for the return value of snprintf().

Reviewed-by: Peter Senna Tschudin <peter.senna@gmail.com>
Signed-off-by: Jonathan Dieter <jdieter@lesbg.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
usbip: prevent vhci_hcd driver from leaking a socket pointer address 2018-01-31T11:06:07+00:00 Shuah Khan shuahkh@osg.samsung.com 2017-12-07T21:16:49+00:00 28f467e0bdda754aa36390fd90b01823f0d3b18d commit 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 upstream. When a client has a USB device attached over IP, the vhci_hcd driver is locally leaking a socket pointer address via the /sys/devices/platform/vhci_hcd/status file (world-readable) and in debug output when "usbip --debug port" is run. Fix it to not leak. The socket pointer address is not used at the moment and it was made visible as a convenient way to find IP address from socket pointer address by looking up /proc/net/{tcp,tcp6}. As this opens a security hole, the fix replaces socket pointer address with sockfd. Reported-by: Secunia Research <vuln@secunia.com> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 upstream.

When a client has a USB device attached over IP, the vhci_hcd driver is
locally leaking a socket pointer address via the

/sys/devices/platform/vhci_hcd/status file (world-readable) and in debug
output when "usbip --debug port" is run.

Fix it to not leak. The socket pointer address is not used at the moment
and it was made visible as a convenient way to find IP address from socket
pointer address by looking up /proc/net/{tcp,tcp6}.

As this opens a security hole, the fix replaces socket pointer address with
sockfd.

Reported-by: Secunia Research <vuln@secunia.com>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace mentions of "list_struct" to "list_head" 2014-11-20T13:45:15+00:00 Andrey Utkin andrey.krieger.utkin@gmail.com 2014-11-14T01:09:55+00:00 3943f42c11896ce82ad3da132c8a5630313bdd0e There's no such thing as "list_struct". Signed-off-by: Andrey Utkin <andrey.krieger.utkin@gmail.com> Acked-by: Steven Rostedt <rostedt@goodmis.org> Acked-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 
There's no such thing as "list_struct".

Signed-off-by: Andrey Utkin <andrey.krieger.utkin@gmail.com>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Acked-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
usb: usbip: fix usbip.h path in userspace tool 2014-09-04T23:25:30+00:00 Piotr Król piotr.krol@3mdeb.com 2014-09-04T22:58:02+00:00 6fa9e1be7f28dd407d710c3ab367b1e5bc34c2bf Fixes: 588b48caf65c ("usbip: move usbip userspace code out of staging") which introduced build failure by not changing uapi/usbip.h include path according to new location. Signed-off-by: Piotr Król <piotr.krol@3mdeb.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Fixes: 588b48caf65c ("usbip: move usbip userspace code out of staging")
which introduced build failure by not changing uapi/usbip.h include path
according to new location.

Signed-off-by: Piotr Król <piotr.krol@3mdeb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
usbip: move usbip userspace code out of staging 2014-08-25T17:38:56+00:00 Valentina Manea valentina.manea.m@gmail.com 2014-08-20T04:30:59+00:00 588b48caf65c4a92af567948ec0025065e749ddf At this point, USB/IP userspace code is fully functional and can be moved out of staging. Signed-off-by: Valentina Manea <valentina.manea.m@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
At this point, USB/IP userspace code is fully functional
and can be moved out of staging.

Signed-off-by: Valentina Manea <valentina.manea.m@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>