1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
From a6efed7601c890ac051ad1425582ec67dbd3f5ff Mon Sep 17 00:00:00 2001
From: Lee Duncan <lduncan@suse.com>
Date: Fri, 15 Dec 2017 11:18:35 -0800
Subject: [PATCH 6/7] Skip useless strcopy, and validate CIDR length
Remove a useless strcpy() that copies a string onto itself,
and ensure the CIDR length "keepbits" is not negative.
Found by Qualsys.
CVE: CVE-2017-17840
Upstream-Status: Backport
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
iscsiuio/src/unix/iscsid_ipc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
index 52ae8c6..85742da 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
@@ -148,7 +148,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
char *tmp, *tok;
char ipaddr_str[NI_MAXHOST];
char str[INET6_ADDRSTRLEN];
- int keepbits = 0;
+ unsigned long keepbits = 0;
struct in_addr ia;
struct in6_addr ia6;
@@ -161,8 +161,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
tmp = ipaddr_str;
tok = strsep(&tmp, "/");
LOG_INFO(PFX "in cidr: bitmask '%s' ip '%s'", tmp, tok);
- keepbits = atoi(tmp);
- strcpy(ipaddr_str, tok);
+ keepbits = strtoull(tmp, NULL, 10);
}
/* Determine if the IP address passed from the iface file is
--
1.9.1
|