diff options
| author | Shuah Khan <shuahkh@osg.samsung.com> | 2017-12-07 14:16:49 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-12-08 17:32:23 +0100 |
| commit | 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 (patch) | |
| tree | eb94be1cc6a34b0230112e8c1154d8d646e04fb8 /drivers/usb/usbip/usbip_common.h | |
| parent | c6688ef9f29762e65bce325ef4acd6c675806366 (diff) | |
| download | talos-op-linux-2f2d0088eb93db5c649d2a5e34a3800a8a935fc5.tar.gz talos-op-linux-2f2d0088eb93db5c649d2a5e34a3800a8a935fc5.zip | |
usbip: prevent vhci_hcd driver from leaking a socket pointer address
When a client has a USB device attached over IP, the vhci_hcd driver is
locally leaking a socket pointer address via the
/sys/devices/platform/vhci_hcd/status file (world-readable) and in debug
output when "usbip --debug port" is run.
Fix it to not leak. The socket pointer address is not used at the moment
and it was made visible as a convenient way to find IP address from socket
pointer address by looking up /proc/net/{tcp,tcp6}.
As this opens a security hole, the fix replaces socket pointer address with
sockfd.
Reported-by: Secunia Research <vuln@secunia.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/usb/usbip/usbip_common.h')
| -rw-r--r-- | drivers/usb/usbip/usbip_common.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/usb/usbip/usbip_common.h b/drivers/usb/usbip/usbip_common.h index e5de35c8c505..473fb8a87289 100644 --- a/drivers/usb/usbip/usbip_common.h +++ b/drivers/usb/usbip/usbip_common.h @@ -256,6 +256,7 @@ struct usbip_device { /* lock for status */ spinlock_t lock; + int sockfd; struct socket *tcp_socket; struct task_struct *tcp_rx; |
