usbip-rs/lib
Davíð Steinn Geirsson 3f4e8effce fix: security hardening and data integrity for untrusted USB/IP clients
Critical fixes:
- Validate endpoint number is 0-15 (kernel parity: stub_rx.c)
- Cap in-flight URBs at 256 to prevent DoS resource exhaustion
- Replace expect() with graceful handling on lock contention in find_ep
- Use validated transfer_buffer_length for ISO allocation instead of
  unchecked multiplication of client-supplied values

High-priority fixes:
- Validate devid matches imported device in CMD_SUBMIT and CMD_UNLINK
- Fix string descriptor bLength u8 overflow for long strings (>126 chars)
- Use saturating_add for ISO actual_length sum, capped at transfer_buffer_length
- Truncate IN response data exceeding transfer_buffer_length

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 00:09:20 +00:00
examples feat: concurrent ISO pipelining via nusb update and &self handlers 2026-03-22 15:10:28 +00:00
src fix: security hardening and data integrity for untrusted USB/IP clients 2026-03-25 00:09:20 +00:00
Cargo.toml feat: concurrent ISO pipelining via nusb update and &self handlers 2026-03-22 15:10:28 +00:00