lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Fri, 23 Feb 2018 01:56:55 +0100
From:   "wzabolot@...ktron.elka.pw.edu.pl" <wzabolot@...ktron.elka.pw.edu.pl>
To:     891036@...s.debian.org
Cc:     LKML <linux-kernel@...r.kernel.org>, Shuah Khan <shuah@...nel.org>,
        "linux-usb@...r.kernel.org >> linux-usb"@vger.kernel.org
Subject: Proposal - how to make usbip more resistant to misconfiguration

Hi,

I have found that the
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891036 is not the only
one related to misconfiguration of the usbip driver and tools.
A few weeks ago the similar bug
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878866 was discovered.
It seems that the configuration of usbip is fragile, and it is easy to
make a mistake leading to the setup that doesn't work correctly.
I suppose, that additional mechanisms should be added to prevent such
problems:

 1. It should be checked DURING THE COMPILATION, that the number of
    ports in a single virtual hub does not exceed 128.
 2. The MAXNPORT constant in tools/usb/usbip/libsrc/vhci_driver.h should
    be defined as:
    #define MAXNPORT ( VHCI_PORTS * VHCI_NR_HCS )

I have not tested the above modifications. If I find some time to verify
them, and if they are correct, I'll submit the official patches.

With best regards,
Wojtek

-- 
Wojciech M Zabolotny, PhD
Institute of Electronic Systems
Faculty of Electronics and Information Technology
Warsaw University of Technology

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ