From 1fa1b51356c0ea6e1d30f2d370b3b766d4230537 Mon Sep 17 00:00:00 2001

From: Mike Christie <michaelc@cs.wisc.edu>

Date: Thu, 5 Dec 2013 18:12:32 -0600

Subject: [PATCH] iscsi tools: Bug fix on IPC address copy (version 2)

This patch merges Yufei Ren <yufei.ren@stonybrook.edu> patch

with comments from the list plus what I think is a bug in the

addr_len usage.

For the addr_len use, it looks like we were using that as the

arg to memcpy, but that value included the length of the pathname

string and also the offset of sun_path in the sockaddr_un and so

that is too long.

---

 usr/iscsi_util.c | 12 ++++++++++++

 usr/iscsi_util.h |  3 +++

 usr/iscsid_req.c |  7 +------

 usr/mgmt_ipc.c   |  6 +-----

 4 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/usr/iscsi_util.c b/usr/iscsi_util.c

index ac86847..9dbfbfd 100644

--- a/usr/iscsi_util.c

+++ b/usr/iscsi_util.c

@@ -25,16 +25,28 @@

 #include <string.h>

 #include <errno.h>

 #include <ctype.h>

+#include <sys/socket.h>

+#include <sys/un.h>

 #include <sys/types.h>

 #include <sys/stat.h>

 #include <sys/resource.h>

+#include "sysdeps.h"

 #include "log.h"

 #include "iscsi_settings.h"

 #include "iface.h"

 #include "session_info.h"

 #include "iscsi_util.h"

+int setup_abstract_addr(struct sockaddr_un *addr, char *unix_sock_name)

+{

+	memset(addr, 0, sizeof(*addr));

+	addr->sun_family = AF_LOCAL;

+	strlcpy(addr->sun_path + 1, unix_sock_name, sizeof(addr->sun_path) - 1);

+	return offsetof(struct sockaddr_un, sun_path) +

+		strlen(addr->sun_path + 1) + 1;

+}

+

 void daemon_init(void)

 {

 	int fd;

diff --git a/usr/iscsi_util.h b/usr/iscsi_util.h

index 110dfa8..ff725eb 100644

--- a/usr/iscsi_util.h

+++ b/usr/iscsi_util.h

@@ -26,4 +26,7 @@ extern int __iscsi_match_session(struct node_rec *rec, char *targetname,

 extern char *strstrip(char *s);

 extern char *cfg_get_string_param(char *pathname, const char *key);

+struct sockaddr_un;

+extern int setup_abstract_addr(struct sockaddr_un *addr, char *unix_sock_name);

+

 #endif

diff --git a/usr/iscsid_req.c b/usr/iscsid_req.c

index 715c0aa..0e91dee 100644

--- a/usr/iscsid_req.c

+++ b/usr/iscsid_req.c

@@ -67,12 +67,7 @@ static int ipc_connect(int *fd, char *unix_sock_name, int start_iscsid)

 		return ISCSI_ERR_ISCSID_NOTCONN;

 	}

-	addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(unix_sock_name) + 1;

-

-	memset(&addr, 0, sizeof(addr));

-	addr.sun_family = AF_LOCAL;

-	memcpy((char *) &addr.sun_path + 1, unix_sock_name,

-	       strlen(unix_sock_name));

+	addr_len = setup_abstract_addr(&addr, unix_sock_name);

 	/*

 	 * Trying to connect with exponential backoff

diff --git a/usr/mgmt_ipc.c b/usr/mgmt_ipc.c

index 87bd346..a82c063 100644

--- a/usr/mgmt_ipc.c

+++ b/usr/mgmt_ipc.c

@@ -59,11 +59,7 @@ mgmt_ipc_listen(void)

 		return fd;

 	}

-	addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(ISCSIADM_NAMESPACE) + 1;

-

-	memset(&addr, 0, sizeof(addr));

-	addr.sun_family = AF_LOCAL;

-	memcpy((char *) &addr.sun_path + 1, ISCSIADM_NAMESPACE, addr_len);

+	addr_len = setup_abstract_addr(&addr, ISCSIADM_NAMESPACE);

 	if ((err = bind(fd, (struct sockaddr *) &addr, addr_len)) < 0 ) {

 		log_error("Can not bind IPC socket");

-- 

1.8.3.1