From b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea Mon Sep 17 00:00:00 2001 From: Lee Duncan Date: Fri, 15 Dec 2017 10:37:56 -0800 Subject: [PATCH] iscsiuio should ignore bogus iscsid broadcast packets When iscsiuio is receiving broadcast packets from iscsid, if the 'payload_len', carried in the packet, is too large then ignore the packet and print a message. Found by Qualsys. --- iscsiuio/src/unix/iscsid_ipc.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c index 64762654c523..b5d7051b0558 100644 --- a/iscsiuio/src/unix/iscsid_ipc.c +++ b/iscsiuio/src/unix/iscsid_ipc.c @@ -945,6 +945,12 @@ int process_iscsid_broadcast(int s2) cmd = data->header.command; payload_len = data->header.payload_len; + if (payload_len > sizeof(data->u)) { + LOG_ERR(PFX "Data payload length too large (%d). Corrupt payload?", + payload_len); + rc = -EINVAL; + goto error; + } LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d", cmd, payload_len); -- 2.17.2