rpms / iscsi-initiator-utils

Clone
Source Code
GIT

Files

  1.   e88930263496373bdfc3379c0af3a6c81610c7f2
  2.   SOURCES
  3.   open-iscsi-2.0.875-15-iscsiuio-should-ignore-bogus-iscsid-broadcast-packets.patch
Blob Blame History Raw 
From b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea Mon Sep 17 00:00:00 2001
From: Lee Duncan <lduncan@suse.com>
Date: Fri, 15 Dec 2017 10:37:56 -0800
Subject: [PATCH] iscsiuio should ignore bogus iscsid broadcast packets

When iscsiuio is receiving broadcast packets from iscsid,
if the 'payload_len', carried in the packet, is too
large then ignore the packet and print a message.
Found by Qualsys.
---
 iscsiuio/src/unix/iscsid_ipc.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
index 64762654c523..b5d7051b0558 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
@@ -945,6 +945,12 @@ int process_iscsid_broadcast(int s2)
 
 	cmd = data->header.command;
 	payload_len = data->header.payload_len;
+	if (payload_len > sizeof(data->u)) {
+		LOG_ERR(PFX "Data payload length too large (%d). Corrupt payload?",
+				payload_len);
+		rc = -EINVAL;
+		goto error;
+	}
 
 	LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d",
 		  cmd, payload_len);
-- 
2.17.2

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation