diff options
Diffstat (limited to 'meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch')
-rw-r--r-- | meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch new file mode 100644 index 0000000000..0fa24cd10d --- /dev/null +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch @@ -0,0 +1,44 @@ +From a6efed7601c890ac051ad1425582ec67dbd3f5ff Mon Sep 17 00:00:00 2001 +From: Lee Duncan <lduncan@suse.com> +Date: Fri, 15 Dec 2017 11:18:35 -0800 +Subject: [PATCH 6/7] Skip useless strcopy, and validate CIDR length + +Remove a useless strcpy() that copies a string onto itself, +and ensure the CIDR length "keepbits" is not negative. +Found by Qualsys. + +CVE: CVE-2017-17840 + +Upstream-Status: Backport + +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + iscsiuio/src/unix/iscsid_ipc.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c +index 52ae8c6..85742da 100644 +--- a/iscsiuio/src/unix/iscsid_ipc.c ++++ b/iscsiuio/src/unix/iscsid_ipc.c +@@ -148,7 +148,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird) + char *tmp, *tok; + char ipaddr_str[NI_MAXHOST]; + char str[INET6_ADDRSTRLEN]; +- int keepbits = 0; ++ unsigned long keepbits = 0; + struct in_addr ia; + struct in6_addr ia6; + +@@ -161,8 +161,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird) + tmp = ipaddr_str; + tok = strsep(&tmp, "/"); + LOG_INFO(PFX "in cidr: bitmask '%s' ip '%s'", tmp, tok); +- keepbits = atoi(tmp); +- strcpy(ipaddr_str, tok); ++ keepbits = strtoull(tmp, NULL, 10); + } + + /* Determine if the IP address passed from the iface file is +-- +1.9.1 + |