Blame SOURCES/open-iscsi-2.0.875-15-iscsiuio-should-ignore-bogus-iscsid-broadcast-packets.patch
|
|
47585c |
From b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea Mon Sep 17 00:00:00 2001
|
|
|
47585c |
From: Lee Duncan <lduncan@suse.com>
|
|
|
47585c |
Date: Fri, 15 Dec 2017 10:37:56 -0800
|
|
|
47585c |
Subject: [PATCH] iscsiuio should ignore bogus iscsid broadcast packets
|
|
|
47585c |
|
|
|
47585c |
When iscsiuio is receiving broadcast packets from iscsid,
|
|
|
47585c |
if the 'payload_len', carried in the packet, is too
|
|
|
47585c |
large then ignore the packet and print a message.
|
|
|
47585c |
Found by Qualsys.
|
|
|
47585c |
---
|
|
|
47585c |
iscsiuio/src/unix/iscsid_ipc.c | 6 ++++++
|
|
|
47585c |
1 file changed, 6 insertions(+)
|
|
|
47585c |
|
|
|
47585c |
diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
|
|
|
47585c |
index 64762654c523..b5d7051b0558 100644
|
|
|
47585c |
--- a/iscsiuio/src/unix/iscsid_ipc.c
|
|
|
47585c |
+++ b/iscsiuio/src/unix/iscsid_ipc.c
|
|
|
47585c |
@@ -945,6 +945,12 @@ int process_iscsid_broadcast(int s2)
|
|
|
47585c |
|
|
|
47585c |
cmd = data->header.command;
|
|
|
47585c |
payload_len = data->header.payload_len;
|
|
|
47585c |
+ if (payload_len > sizeof(data->u)) {
|
|
|
47585c |
+ LOG_ERR(PFX "Data payload length too large (%d). Corrupt payload?",
|
|
|
47585c |
+ payload_len);
|
|
|
47585c |
+ rc = -EINVAL;
|
|
|
47585c |
+ goto error;
|
|
|
47585c |
+ }
|
|
|
47585c |
|
|
|
47585c |
LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d",
|
|
|
47585c |
cmd, payload_len);
|
|
|
47585c |
--
|
|
|
47585c |
2.17.2
|
|
|
47585c |
|