diff options
Diffstat (limited to 'meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch')
-rw-r--r-- | meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch new file mode 100644 index 0000000000..b73b01120e --- /dev/null +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch @@ -0,0 +1,78 @@ +From c9fc86a50459776d9a7abb609f6503c57d69e034 Mon Sep 17 00:00:00 2001 +From: Lee Duncan <lduncan@suse.com> +Date: Fri, 15 Dec 2017 11:15:26 -0800 +Subject: [PATCH 5/7] Ensure strings from peer are copied correctly. + +The method of using strlen() and strcpy()/strncpy() has +a couple of holes. Do not try to measure the length of +strings supplied from peer, and ensure copied strings are +NULL-terminated. Use the new strlcpy() instead. +Found by Qualsys. + +CVE: CVE-2017-17840 + +Upstream-Status: Backport + +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + iscsiuio/src/unix/iscsid_ipc.c | 24 ++++++------------------ + 1 file changed, 6 insertions(+), 18 deletions(-) + +diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c +index bde8d66..52ae8c6 100644 +--- a/iscsiuio/src/unix/iscsid_ipc.c ++++ b/iscsiuio/src/unix/iscsid_ipc.c +@@ -152,10 +152,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird) + struct in_addr ia; + struct in6_addr ia6; + +- if (strlen(in_ipaddr_str) > NI_MAXHOST) +- strncpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST); +- else +- strcpy(ipaddr_str, in_ipaddr_str); ++ strlcpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST); + + /* Find the CIDR if any */ + tmp = strchr(ipaddr_str, '/'); +@@ -287,22 +284,16 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec) + + /* For LL on, ignore the IPv6 addr in the iface */ + if (ird->linklocal_autocfg == IPV6_LL_AUTOCFG_OFF) { +- if (strlen(rec->ipv6_linklocal) > NI_MAXHOST) +- strncpy(ipaddr_str, rec->ipv6_linklocal, +- NI_MAXHOST); +- else +- strcpy(ipaddr_str, rec->ipv6_linklocal); ++ strlcpy(ipaddr_str, rec->ipv6_linklocal, ++ NI_MAXHOST); + inet_pton(AF_INET6, ipaddr_str, + &ird->ipv6_linklocal); + } + + /* For RTR on, ignore the IPv6 addr in the iface */ + if (ird->router_autocfg == IPV6_RTR_AUTOCFG_OFF) { +- if (strlen(rec->ipv6_router) > NI_MAXHOST) +- strncpy(ipaddr_str, rec->ipv6_router, +- NI_MAXHOST); +- else +- strcpy(ipaddr_str, rec->ipv6_router); ++ strlcpy(ipaddr_str, rec->ipv6_router, ++ NI_MAXHOST); + inet_pton(AF_INET6, ipaddr_str, + &ird->ipv6_router); + } +@@ -316,10 +307,7 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec) + calculate_default_netmask( + ird->ipv4_addr.s_addr); + +- if (strlen(rec->gateway) > NI_MAXHOST) +- strncpy(ipaddr_str, rec->gateway, NI_MAXHOST); +- else +- strcpy(ipaddr_str, rec->gateway); ++ strlcpy(ipaddr_str, rec->gateway, NI_MAXHOST); + inet_pton(AF_INET, ipaddr_str, &ird->ipv4_gateway); + } + } else { +-- +1.9.1 + |