1 files changed, 44 insertions, 0 deletions

diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch
new file mode 100644
index 0000000000..0fa24cd10d
--- /dev/null
+++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch
@@ -0,0 +1,44 @@
+From a6efed7601c890ac051ad1425582ec67dbd3f5ff Mon Sep 17 00:00:00 2001
+From: Lee Duncan <lduncan@suse.com>
+Date: Fri, 15 Dec 2017 11:18:35 -0800
+Subject: [PATCH 6/7] Skip useless strcopy, and validate CIDR length
+
+Remove a useless strcpy() that copies a string onto itself,
+and ensure the CIDR length "keepbits" is not negative.
+Found by Qualsys.
+
+CVE: CVE-2017-17840
+
+Upstream-Status: Backport
+
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ iscsiuio/src/unix/iscsid_ipc.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
+index 52ae8c6..85742da 100644
+--- a/iscsiuio/src/unix/iscsid_ipc.c
++++ b/iscsiuio/src/unix/iscsid_ipc.c
+@@ -148,7 +148,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
+ 	char *tmp, *tok;
+ 	char ipaddr_str[NI_MAXHOST];
+ 	char str[INET6_ADDRSTRLEN];
+-	int keepbits = 0;
++	unsigned long keepbits = 0;
+ 	struct in_addr ia;
+ 	struct in6_addr ia6;
+ 
+@@ -161,8 +161,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
+ 		tmp = ipaddr_str;
+ 		tok = strsep(&tmp, "/");
+ 		LOG_INFO(PFX "in cidr: bitmask '%s' ip '%s'", tmp, tok);
+-		keepbits = atoi(tmp);
+-		strcpy(ipaddr_str, tok);
++		keepbits = strtoull(tmp, NULL, 10);
+ 	}
+ 
+ 	/*  Determine if the IP address passed from the iface file is
+-- 
+1.9.1
+