From f1ad38e255da86e92003c63ae2927a64a8bce953 Mon Sep 17 00:00:00 2001
From: Chris Leech <cleech@redhat.com>
Date: Mon, 14 Sep 2020 14:09:56 -0700
Subject: [PATCH 1/1] iscsiadm buffer overflow regression when discovering many
targets at once
int_list type didn't zero the output string, so as the rec struct was reused
repeatedly during discovery it would keep growing with repeated values
triggering a strcat buffer overflow
---
usr/idbm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/usr/idbm.c b/usr/idbm.c
index 8d80b33..0862d29 100644
--- a/usr/idbm.c
+++ b/usr/idbm.c
@@ -168,6 +168,7 @@ static struct idbm *db;
#define __recinfo_int_list(_key,_info,_rec,_name,_show,_tbl,_n,_mod) do { \
_info[_n].type = TYPE_INT_LIST; \
strlcpy(_info[_n].name, _key, NAME_MAXVAL); \
+ _info[_n].value[0] = '\0'; \
for(int _i = 0; _i < ARRAY_LEN(_rec->_name); _i++) { \
if (_rec->_name[_i] != ~0) { \
for (int _j = 0; _j < ARRAY_LEN(_tbl); _j++) { \
--
2.26.2