|
 |
e88930 |
From 85f647c4300a888bb6cbc27f33138549cab617e3 Mon Sep 17 00:00:00 2001
|
|
|
e88930 |
From: Lee Duncan <lduncan@suse.com>
|
|
|
e88930 |
Date: Fri, 15 Dec 2017 11:15:26 -0800
|
|
|
e88930 |
Subject: [PATCH] Ensure strings from peer are copied correctly.
|
|
|
e88930 |
|
|
|
e88930 |
The method of using strlen() and strcpy()/strncpy() has
|
|
|
e88930 |
a couple of holes. Do not try to measure the length of
|
|
|
e88930 |
strings supplied from peer, and ensure copied strings are
|
|
|
e88930 |
NULL-terminated. Use the new strlcpy() instead.
|
|
|
e88930 |
Found by Qualsys.
|
|
|
e88930 |
---
|
|
|
e88930 |
iscsiuio/src/unix/iscsid_ipc.c | 24 ++++++------------------
|
|
|
e88930 |
1 file changed, 6 insertions(+), 18 deletions(-)
|
|
|
e88930 |
|
|
|
e88930 |
diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
|
|
|
e88930 |
index 4a6687b32a17..8478f9a411a3 100644
|
|
|
e88930 |
--- a/iscsiuio/src/unix/iscsid_ipc.c
|
|
|
e88930 |
+++ b/iscsiuio/src/unix/iscsid_ipc.c
|
|
|
e88930 |
@@ -147,10 +147,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
|
|
|
e88930 |
struct in_addr ia;
|
|
|
e88930 |
struct in6_addr ia6;
|
|
|
e88930 |
|
|
|
e88930 |
- if (strlen(in_ipaddr_str) > NI_MAXHOST)
|
|
|
e88930 |
- strncpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST);
|
|
|
e88930 |
- else
|
|
|
e88930 |
- strcpy(ipaddr_str, in_ipaddr_str);
|
|
|
e88930 |
+ strlcpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST);
|
|
|
e88930 |
|
|
|
e88930 |
/* Find the CIDR if any */
|
|
|
e88930 |
tmp = strchr(ipaddr_str, '/');
|
|
|
e88930 |
@@ -282,22 +279,16 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec)
|
|
|
e88930 |
|
|
|
e88930 |
/* For LL on, ignore the IPv6 addr in the iface */
|
|
|
e88930 |
if (ird->linklocal_autocfg == IPV6_LL_AUTOCFG_OFF) {
|
|
|
e88930 |
- if (strlen(rec->ipv6_linklocal) > NI_MAXHOST)
|
|
|
e88930 |
- strncpy(ipaddr_str, rec->ipv6_linklocal,
|
|
|
e88930 |
- NI_MAXHOST);
|
|
|
e88930 |
- else
|
|
|
e88930 |
- strcpy(ipaddr_str, rec->ipv6_linklocal);
|
|
|
e88930 |
+ strlcpy(ipaddr_str, rec->ipv6_linklocal,
|
|
|
e88930 |
+ NI_MAXHOST);
|
|
|
e88930 |
inet_pton(AF_INET6, ipaddr_str,
|
|
|
e88930 |
&ird->ipv6_linklocal);
|
|
|
e88930 |
}
|
|
|
e88930 |
|
|
|
e88930 |
/* For RTR on, ignore the IPv6 addr in the iface */
|
|
|
e88930 |
if (ird->router_autocfg == IPV6_RTR_AUTOCFG_OFF) {
|
|
|
e88930 |
- if (strlen(rec->ipv6_router) > NI_MAXHOST)
|
|
|
e88930 |
- strncpy(ipaddr_str, rec->ipv6_router,
|
|
|
e88930 |
- NI_MAXHOST);
|
|
|
e88930 |
- else
|
|
|
e88930 |
- strcpy(ipaddr_str, rec->ipv6_router);
|
|
|
e88930 |
+ strlcpy(ipaddr_str, rec->ipv6_router,
|
|
|
e88930 |
+ NI_MAXHOST);
|
|
|
e88930 |
inet_pton(AF_INET6, ipaddr_str,
|
|
|
e88930 |
&ird->ipv6_router);
|
|
|
e88930 |
}
|
|
|
e88930 |
@@ -311,10 +302,7 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec)
|
|
|
e88930 |
calculate_default_netmask(
|
|
|
e88930 |
ird->ipv4_addr.s_addr);
|
|
|
e88930 |
|
|
|
e88930 |
- if (strlen(rec->gateway) > NI_MAXHOST)
|
|
|
e88930 |
- strncpy(ipaddr_str, rec->gateway, NI_MAXHOST);
|
|
|
e88930 |
- else
|
|
|
e88930 |
- strcpy(ipaddr_str, rec->gateway);
|
|
|
e88930 |
+ strlcpy(ipaddr_str, rec->gateway, NI_MAXHOST);
|
|
|
e88930 |
inet_pton(AF_INET, ipaddr_str, &ird->ipv4_gateway);
|
|
|
e88930 |
}
|
|
|
e88930 |
} else {
|
|
|
e88930 |
--
|
|
|
e88930 |
2.17.2
|
|
|
e88930 |
|