diff options
Diffstat (limited to 'meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch')
| -rw-r--r-- | meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch | 78 |
1 files changed, 0 insertions, 78 deletions
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch deleted file mode 100644 index b73b01120e..0000000000 --- a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch +++ /dev/null @@ -1,78 +0,0 @@ -From c9fc86a50459776d9a7abb609f6503c57d69e034 Mon Sep 17 00:00:00 2001 -From: Lee Duncan <lduncan@suse.com> -Date: Fri, 15 Dec 2017 11:15:26 -0800 -Subject: [PATCH 5/7] Ensure strings from peer are copied correctly. - -The method of using strlen() and strcpy()/strncpy() has -a couple of holes. Do not try to measure the length of -strings supplied from peer, and ensure copied strings are -NULL-terminated. Use the new strlcpy() instead. -Found by Qualsys. - -CVE: CVE-2017-17840 - -Upstream-Status: Backport - -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> ---- - iscsiuio/src/unix/iscsid_ipc.c | 24 ++++++------------------ - 1 file changed, 6 insertions(+), 18 deletions(-) - -diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c -index bde8d66..52ae8c6 100644 ---- a/iscsiuio/src/unix/iscsid_ipc.c -+++ b/iscsiuio/src/unix/iscsid_ipc.c -@@ -152,10 +152,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird) - struct in_addr ia; - struct in6_addr ia6; - -- if (strlen(in_ipaddr_str) > NI_MAXHOST) -- strncpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST); -- else -- strcpy(ipaddr_str, in_ipaddr_str); -+ strlcpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST); - - /* Find the CIDR if any */ - tmp = strchr(ipaddr_str, '/'); -@@ -287,22 +284,16 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec) - - /* For LL on, ignore the IPv6 addr in the iface */ - if (ird->linklocal_autocfg == IPV6_LL_AUTOCFG_OFF) { -- if (strlen(rec->ipv6_linklocal) > NI_MAXHOST) -- strncpy(ipaddr_str, rec->ipv6_linklocal, -- NI_MAXHOST); -- else -- strcpy(ipaddr_str, rec->ipv6_linklocal); -+ strlcpy(ipaddr_str, rec->ipv6_linklocal, -+ NI_MAXHOST); - inet_pton(AF_INET6, ipaddr_str, - &ird->ipv6_linklocal); - } - - /* For RTR on, ignore the IPv6 addr in the iface */ - if (ird->router_autocfg == IPV6_RTR_AUTOCFG_OFF) { -- if (strlen(rec->ipv6_router) > NI_MAXHOST) -- strncpy(ipaddr_str, rec->ipv6_router, -- NI_MAXHOST); -- else -- strcpy(ipaddr_str, rec->ipv6_router); -+ strlcpy(ipaddr_str, rec->ipv6_router, -+ NI_MAXHOST); - inet_pton(AF_INET6, ipaddr_str, - &ird->ipv6_router); - } -@@ -316,10 +307,7 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec) - calculate_default_netmask( - ird->ipv4_addr.s_addr); - -- if (strlen(rec->gateway) > NI_MAXHOST) -- strncpy(ipaddr_str, rec->gateway, NI_MAXHOST); -- else -- strcpy(ipaddr_str, rec->gateway); -+ strlcpy(ipaddr_str, rec->gateway, NI_MAXHOST); - inet_pton(AF_INET, ipaddr_str, &ird->ipv4_gateway); - } - } else { --- -1.9.1 - |