diff --git a/SOURCES/0504-iscsiadm-buffer-overflow-regression-when-discovering.patch b/SOURCES/0504-iscsiadm-buffer-overflow-regression-when-discovering.patch new file mode 100644 index 0000000..8513a0d --- /dev/null +++ b/SOURCES/0504-iscsiadm-buffer-overflow-regression-when-discovering.patch @@ -0,0 +1,28 @@ +From f1ad38e255da86e92003c63ae2927a64a8bce953 Mon Sep 17 00:00:00 2001 +From: Chris Leech +Date: Mon, 14 Sep 2020 14:09:56 -0700 +Subject: [PATCH 1/1] iscsiadm buffer overflow regression when discovering many + targets at once + +int_list type didn't zero the output string, so as the rec struct was reused +repeatedly during discovery it would keep growing with repeated values +triggering a strcat buffer overflow +--- + usr/idbm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/usr/idbm.c b/usr/idbm.c +index 8d80b33..0862d29 100644 +--- a/usr/idbm.c ++++ b/usr/idbm.c +@@ -168,6 +168,7 @@ static struct idbm *db; + #define __recinfo_int_list(_key,_info,_rec,_name,_show,_tbl,_n,_mod) do { \ + _info[_n].type = TYPE_INT_LIST; \ + strlcpy(_info[_n].name, _key, NAME_MAXVAL); \ ++ _info[_n].value[0] = '\0'; \ + for(int _i = 0; _i < ARRAY_LEN(_rec->_name); _i++) { \ + if (_rec->_name[_i] != ~0) { \ + for (int _j = 0; _j < ARRAY_LEN(_tbl); _j++) { \ +-- +2.26.2 + diff --git a/SPECS/iscsi-initiator-utils.spec b/SPECS/iscsi-initiator-utils.spec index b1671bc..d73814f 100644 --- a/SPECS/iscsi-initiator-utils.spec +++ b/SPECS/iscsi-initiator-utils.spec @@ -4,7 +4,7 @@ Summary: iSCSI daemon and utility programs Name: iscsi-initiator-utils Version: 6.%{open_iscsi_version}.%{open_iscsi_build} -Release: 19%{?dist} +Release: 20%{?dist} Group: System Environment/Daemons License: GPLv2+ URL: http://www.open-iscsi.org @@ -108,6 +108,7 @@ Patch500: 0500-CHAP-SHA-1-SHA-256-SHA3-256-via-OpenSSL-s-libcrypto.patch Patch501: 0501-configuration-support-for-CHAP-algorithms.patch Patch502: 0502-CHAP-FIPS-backport-fixups.patch Patch503: 0503-fix-libiscsi-after-adding-libcrypto-requirement.patch +Patch504: 0504-iscsiadm-buffer-overflow-regression-when-discovering.patch BuildRequires: flex bison python-devel doxygen kmod-devel systemd-devel libmount-devel autoconf automake libtool openssl-devel # For dir ownership @@ -331,6 +332,9 @@ fi %{_includedir}/libiscsi.h %changelog +* Wed Sep 30 2020 Chris Leech - 6.2.0.874-20 +- 1881245 iscsiadm regression when discovering many targets at once + * Thu Jul 02 2020 Chris Leech - 6.2.0.874-19 - 1851250 fix libiscsi for libcrypto requirement