usbip: prevent leaking socket pointer address in messages

author Shuah Khan <shuahkh@osg.samsung.com>

Fri, 15 Dec 2017 17:50:09 +0000 (10:50 -0700)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Tue, 2 Jan 2018 19:31:13 +0000 (20:31 +0100)
author Shuah Khan <shuahkh@osg.samsung.com>
Fri, 15 Dec 2017 17:50:09 +0000 (10:50 -0700)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 2 Jan 2018 19:31:13 +0000 (20:31 +0100)
diff --git a/drivers/usb/usbip/stub_dev.c b/drivers/usb/usbip/stub_dev.c

index c653ce533430acfe39b193458fab74664ea3067c..720408d39f11349cfe72fd45f3c73429153aa409 100644 (file)
--- a/drivers/usb/usbip/stub_dev.c
+++ b/drivers/usb/usbip/stub_dev.c
@@ -163,8 +163,7 @@ static void stub_shutdown_connection(struct usbip_device *ud)
          * step 1?
          */
         if (ud->tcp_socket) {
-               dev_dbg(&sdev->udev->dev, "shutdown tcp_socket %p\n",
-                       ud->tcp_socket);
+               dev_dbg(&sdev->udev->dev, "shutdown sockfd %d\n", ud->sockfd);
                 kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR);
         }
  
diff --git a/drivers/usb/usbip/usbip_common.c b/drivers/usb/usbip/usbip_common.c

index 2281f3562870a07edc3a95b0e370d9c4e14af019..17b599b923f3679da27229bcb9b8fea2b7a7cb12 100644 (file)
--- a/drivers/usb/usbip/usbip_common.c
+++ b/drivers/usb/usbip/usbip_common.c
@@ -331,26 +331,20 @@ int usbip_recv(struct socket *sock, void *buf, int size)
         struct msghdr msg = {.msg_flags = MSG_NOSIGNAL};
         int total = 0;
  
+       if (!sock || !buf || !size)
+               return -EINVAL;
+
         iov_iter_kvec(&msg.msg_iter, READ|ITER_KVEC, &iov, 1, size);
  
         usbip_dbg_xmit("enter\n");
  
-       if (!sock || !buf || !size) {
-               pr_err("invalid arg, sock %p buff %p size %d\n", sock, buf,
-                      size);
-               return -EINVAL;
-       }
-
         do {
-               int sz = msg_data_left(&msg);
+               msg_data_left(&msg);
                 sock->sk->sk_allocation = GFP_NOIO;
  
                 result = sock_recvmsg(sock, &msg, MSG_WAITALL);
-               if (result <= 0) {
-                       pr_debug("receive sock %p buf %p size %u ret %d total %d\n",
-                                sock, buf + total, sz, result, total);
+               if (result <= 0)
                         goto err;
-               }
  
                 total += result;
         } while (msg_data_left(&msg));
diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c

index 1f0cf81cc145760344ad5b96fdf7799286446a3d..4eec1d796a2d5472437632e27d292206eac4ff71 100644 (file)
--- a/drivers/usb/usbip/vhci_hcd.c
+++ b/drivers/usb/usbip/vhci_hcd.c
@@ -989,7 +989,7 @@ static void vhci_shutdown_connection(struct usbip_device *ud)
  
         /* need this? see stub_dev.c */
         if (ud->tcp_socket) {
-               pr_debug("shutdown tcp_socket %p\n", ud->tcp_socket);
+               pr_debug("shutdown tcp_socket %d\n", ud->sockfd);
                 kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR);
         }
author	Shuah Khan <shuahkh@osg.samsung.com>
	Fri, 15 Dec 2017 17:50:09 +0000 (10:50 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 2 Jan 2018 19:31:13 +0000 (20:31 +0100)
drivers/usb/usbip/stub_dev.c		patch \| blob \| blame \| history
drivers/usb/usbip/usbip_common.c		patch \| blob \| blame \| history
drivers/usb/usbip/vhci_hcd.c		patch \| blob \| blame \| history