8 files changed, 463 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0001-Check-for-root-peer-user-for-iscsiuio-IPC.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0001-Check-for-root-peer-user-for-iscsiuio-IPC.patch
new file mode 100644
index 0000000000..2fd5c08a1c
--- /dev/null
+++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0001-Check-for-root-peer-user-for-iscsiuio-IPC.patch
@@ -0,0 +1,135 @@
+From eb516ac5f9dddc80564f6becee08a0011e7aa58b Mon Sep 17 00:00:00 2001
+From: Lee Duncan <lduncan@suse.com>
+Date: Fri, 15 Dec 2017 10:36:11 -0800
+Subject: [PATCH 1/7] Check for root peer user for iscsiuio IPC
+This fixes a possible vulnerability where a non-root
+process could connect with iscsiuio. Fouund by Qualsys.
+CVE: CVE-2017-17840
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ iscsiuio/src/unix/Makefile.am  |  3 ++-
+ iscsiuio/src/unix/iscsid_ipc.c | 47 ++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 49 insertions(+), 1 deletion(-)
+diff --git a/iscsiuio/src/unix/Makefile.am b/iscsiuio/src/unix/Makefile.am
+index 71d5463..a989ef0 100644
+--- a/iscsiuio/src/unix/Makefile.am
+++ b/iscsiuio/src/unix/Makefile.am
+@@ -20,7 +20,8 @@ iscsiuio_SOURCES =    build_date.c            \
+                        nic_utils.c             \
+                        packet.c                \
+                        iscsid_ipc.c            \
+-                       ping.c
+                       ping.c                  \
+                       ${top_srcdir}/../utils/sysdeps/sysdeps.c
+ 
+ iscsiuio_CFLAGS =      $(AM_CFLAGS)            \
+                        $(LIBNL_CFLAGS)         \
+diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
+index a2a59a8..08e49e5 100644
+--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
+@@ -37,6 +37,8 @@
+  *
+  */
+ 
+#define _GNU_SOURCE
+
+ #include <errno.h>
+ #include <pthread.h>
+ #include <signal.h>
+@@ -47,6 +49,8 @@
+ #include <sys/socket.h>
+ #include <sys/time.h>
+ #include <sys/un.h>
+#include <sys/types.h>
+#include <pwd.h>
+ 
+ #define PFX "iscsi_ipc "
+ 
+@@ -61,6 +65,7 @@
+ #include "iscsid_ipc.h"
+ #include "uip.h"
+ #include "uip_mgmt_ipc.h"
+#include "sysdeps.h"
+ 
+ #include "logger.h"
+ #include "uip.h"
+@@ -102,6 +107,7 @@ struct iface_rec_decode {
+        uint16_t                mtu;
+ };
+ 
+#define PEERUSER_MAX   64
+ 
+ /******************************************************************************
+  *  iscsid_ipc Constants
+@@ -1029,6 +1035,40 @@ static void iscsid_loop_close(void *arg)
+        LOG_INFO(PFX "iSCSI daemon socket closed");
+ }
+ 
+/*
+ * check that the peer user is privilidged
+ *
+ * return 1 if peer is ok else 0
+ *
+ * XXX: this function is copied from iscsid_ipc.c and should be
+ * moved into a common library
+ */
+static int
+mgmt_peeruser(int sock, char *user)
+{
+       struct ucred peercred;
+       socklen_t so_len = sizeof(peercred);
+       struct passwd *pass;
+
+       errno = 0;
+       if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &peercred,
+               &so_len) != 0 || so_len != sizeof(peercred)) {
+               /* We didn't get a valid credentials struct. */
+               LOG_ERR(PFX "peeruser_unux: error receiving credentials: %m");
+               return 0;
+       }
+
+       pass = getpwuid(peercred.uid);
+       if (pass == NULL) {
+               LOG_ERR(PFX "peeruser_unix: unknown local user with uid %d",
+                               (int) peercred.uid);
+               return 0;
+       }
+
+       strlcpy(user, pass->pw_name, PEERUSER_MAX);
+       return 1;
+}
+
+ /**
+  *  iscsid_loop() - This is the function which will process the broadcast
+  *                  messages from iscsid
+@@ -1038,6 +1078,7 @@ static void *iscsid_loop(void *arg)
+ {
+        int rc;
+        sigset_t set;
+       char user[PEERUSER_MAX];
+ 
+        pthread_cleanup_push(iscsid_loop_close, arg);
+ 
+@@ -1077,6 +1118,12 @@ static void *iscsid_loop(void *arg)
+                        continue;
+                }
+ 
+               if (!mgmt_peeruser(iscsid_opts.fd, user) || strncmp(user, "root", PEERUSER_MAX)) {
+                       close(s2);
+                       LOG_ERR(PFX "Access error: non-administrative connection rejected");
+                       break;
+               }
+
+                process_iscsid_broadcast(s2);
+                close(s2);
+        }
+-- 
+1.9.1
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch
new file mode 100644
index 0000000000..1f5202ec02
--- /dev/null
+++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch
@@ -0,0 +1,39 @@
+From 035bb16845537351e1bccb16d38981754fd53129 Mon Sep 17 00:00:00 2001
+From: Lee Duncan <lduncan@suse.com>
+Date: Fri, 15 Dec 2017 10:37:56 -0800
+Subject: [PATCH 2/7] iscsiuio should ignore bogus iscsid broadcast packets
+When iscsiuio is receiving broadcast packets from iscsid,
+if the 'payload_len', carried in the packet, is too
+large then ignore the packet and print a message.
+Found by Qualsys.
+CVE: CVE-2017-17840
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ iscsiuio/src/unix/iscsid_ipc.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
+index 08e49e5..dfdae63 100644
+--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
+@@ -950,6 +950,12 @@ int process_iscsid_broadcast(int s2)
+ 
+        cmd = data->header.command;
+        payload_len = data->header.payload_len;
+       if (payload_len > sizeof(data->u)) {
+               LOG_ERR(PFX "Data payload length too large (%d). Corrupt payload?",
+                               payload_len);
+               rc = -EINVAL;
+               goto error;
+       }
+ 
+        LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d",
+                  cmd, payload_len);
+-- 
+1.9.1
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch
new file mode 100644
index 0000000000..825083b741
--- /dev/null
+++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch
@@ -0,0 +1,34 @@
+From 81d3106cf8f09c79fe20ad7d234d7e1dda27bddb Mon Sep 17 00:00:00 2001
+From: Lee Duncan <lduncan@suse.com>
+Date: Fri, 15 Dec 2017 11:11:17 -0800
+Subject: [PATCH 3/7] Ensure all fields in iscsiuio IPC response are set
+Make sure all fields in the response strcuture are set,
+or info from the stack can be leaked to our caller.
+Found by Qualsys.
+CVE: CVE-2017-17840
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ iscsiuio/src/unix/iscsid_ipc.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
+index dfdae63..61e96cc 100644
+--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
+@@ -960,6 +960,8 @@ int process_iscsid_broadcast(int s2)
+        LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d",
+                  cmd, payload_len);
+ 
+       memset(&rsp, 0, sizeof(rsp));
+
+        switch (cmd) {
+        case ISCSID_UIP_IPC_GET_IFACE:
+                size = fread(&data->u.iface_rec, payload_len, 1, fd);
+-- 
+1.9.1
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch
new file mode 100644
index 0000000000..274722c231
--- /dev/null
+++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch
@@ -0,0 +1,62 @@
+From 8167e5ce99682f64918a20966ce393cd33ac67ef Mon Sep 17 00:00:00 2001
+From: Lee Duncan <lduncan@suse.com>
+Date: Fri, 15 Dec 2017 11:13:29 -0800
+Subject: [PATCH 4/7] Do not double-close IPC file stream to iscsid
+A double-close of a file descriptor and its associated FILE stream
+can be an issue in multi-threaded cases. Found by Qualsys.
+CVE: CVE-2017-17840
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ iscsiuio/src/unix/iscsid_ipc.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
+index 61e96cc..bde8d66 100644
+--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
+@@ -913,6 +913,9 @@ early_exit:
+ /**
+  *  process_iscsid_broadcast() - This function is used to process the
+  *                               broadcast messages from iscsid
+ *
+ *                               s2 is an open file descriptor, which
+ *                               must not be left open upon return
+  */
+ int process_iscsid_broadcast(int s2)
+ {
+@@ -928,6 +931,7 @@ int process_iscsid_broadcast(int s2)
+        if (fd == NULL) {
+                LOG_ERR(PFX "Couldn't open file descriptor: %d(%s)",
+                        errno, strerror(errno));
+               close(s2);
+                return -EIO;
+        }
+ 
+@@ -1030,7 +1034,8 @@ int process_iscsid_broadcast(int s2)
+        }
+ 
+ error:
+-       free(data);
+       if (data)
+               free(data);
+        fclose(fd);
+ 
+        return rc;
+@@ -1132,8 +1137,8 @@ static void *iscsid_loop(void *arg)
+                        break;
+                }
+ 
+               /* this closes the file descriptor s2 */
+                process_iscsid_broadcast(s2);
+-               close(s2);
+        }
+ 
+        pthread_cleanup_pop(0);
+-- 
+1.9.1
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch
new file mode 100644
index 0000000000..b73b01120e
--- /dev/null
+++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch
@@ -0,0 +1,78 @@
+From c9fc86a50459776d9a7abb609f6503c57d69e034 Mon Sep 17 00:00:00 2001
+From: Lee Duncan <lduncan@suse.com>
+Date: Fri, 15 Dec 2017 11:15:26 -0800
+Subject: [PATCH 5/7] Ensure strings from peer are copied correctly.
+The method of using strlen() and strcpy()/strncpy() has
+a couple of holes. Do not try to measure the length of
+strings supplied from peer, and ensure copied strings are
+NULL-terminated. Use the new strlcpy() instead.
+Found by Qualsys.
+CVE: CVE-2017-17840
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ iscsiuio/src/unix/iscsid_ipc.c | 24 ++++++------------------
+ 1 file changed, 6 insertions(+), 18 deletions(-)
+diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
+index bde8d66..52ae8c6 100644
+--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
+@@ -152,10 +152,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
+        struct in_addr ia;
+        struct in6_addr ia6;
+ 
+-       if (strlen(in_ipaddr_str) > NI_MAXHOST)
+-               strncpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST);
+-       else
+-               strcpy(ipaddr_str, in_ipaddr_str);
+       strlcpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST);
+ 
+        /* Find the CIDR if any */
+        tmp = strchr(ipaddr_str, '/');
+@@ -287,22 +284,16 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec)
+ 
+                        /* For LL on, ignore the IPv6 addr in the iface */
+                        if (ird->linklocal_autocfg == IPV6_LL_AUTOCFG_OFF) {
+-                               if (strlen(rec->ipv6_linklocal) > NI_MAXHOST)
+-                                       strncpy(ipaddr_str, rec->ipv6_linklocal,
+-                                               NI_MAXHOST);
+-                               else
+-                                       strcpy(ipaddr_str, rec->ipv6_linklocal);
+                               strlcpy(ipaddr_str, rec->ipv6_linklocal,
+                                       NI_MAXHOST);
+                                inet_pton(AF_INET6, ipaddr_str,
+                                          &ird->ipv6_linklocal);
+                        }
+ 
+                        /* For RTR on, ignore the IPv6 addr in the iface */
+                        if (ird->router_autocfg == IPV6_RTR_AUTOCFG_OFF) {
+-                               if (strlen(rec->ipv6_router) > NI_MAXHOST)
+-                                       strncpy(ipaddr_str, rec->ipv6_router,
+-                                               NI_MAXHOST);
+-                               else
+-                                       strcpy(ipaddr_str, rec->ipv6_router);
+                               strlcpy(ipaddr_str, rec->ipv6_router,
+                                       NI_MAXHOST);
+                                inet_pton(AF_INET6, ipaddr_str,
+                                          &ird->ipv6_router);
+                        }
+@@ -316,10 +307,7 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec)
+                                        calculate_default_netmask(
+                                                        ird->ipv4_addr.s_addr);
+ 
+-                       if (strlen(rec->gateway) > NI_MAXHOST)
+-                               strncpy(ipaddr_str, rec->gateway, NI_MAXHOST);
+-                       else
+-                               strcpy(ipaddr_str, rec->gateway);
+                       strlcpy(ipaddr_str, rec->gateway, NI_MAXHOST);
+                        inet_pton(AF_INET, ipaddr_str, &ird->ipv4_gateway);
+                }
+        } else {
+-- 
+1.9.1
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch
new file mode 100644
index 0000000000..0fa24cd10d
--- /dev/null
+++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch
@@ -0,0 +1,44 @@
+From a6efed7601c890ac051ad1425582ec67dbd3f5ff Mon Sep 17 00:00:00 2001
+From: Lee Duncan <lduncan@suse.com>
+Date: Fri, 15 Dec 2017 11:18:35 -0800
+Subject: [PATCH 6/7] Skip useless strcopy, and validate CIDR length
+Remove a useless strcpy() that copies a string onto itself,
+and ensure the CIDR length "keepbits" is not negative.
+Found by Qualsys.
+CVE: CVE-2017-17840
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ iscsiuio/src/unix/iscsid_ipc.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
+index 52ae8c6..85742da 100644
+--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
+@@ -148,7 +148,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
+        char *tmp, *tok;
+        char ipaddr_str[NI_MAXHOST];
+        char str[INET6_ADDRSTRLEN];
+-       int keepbits = 0;
+       unsigned long keepbits = 0;
+        struct in_addr ia;
+        struct in6_addr ia6;
+ 
+@@ -161,8 +161,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
+                tmp = ipaddr_str;
+                tok = strsep(&tmp, "/");
+                LOG_INFO(PFX "in cidr: bitmask '%s' ip '%s'", tmp, tok);
+-               keepbits = atoi(tmp);
+-               strcpy(ipaddr_str, tok);
+               keepbits = strtoull(tmp, NULL, 10);
+        }
+ 
+        /*  Determine if the IP address passed from the iface file is
+-- 
+1.9.1
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0007-Check-iscsiuio-ping-data-length-for-validity.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0007-Check-iscsiuio-ping-data-length-for-validity.patch
new file mode 100644
index 0000000000..c63c0a8d56
--- /dev/null
+++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0007-Check-iscsiuio-ping-data-length-for-validity.patch
@@ -0,0 +1,64 @@
+From 5df60ad8b22194391af34c1a7e54776b0372ffed Mon Sep 17 00:00:00 2001
+From: Lee Duncan <lduncan@suse.com>
+Date: Fri, 15 Dec 2017 11:21:15 -0800
+Subject: [PATCH 7/7] Check iscsiuio ping data length for validity
+We do not trust that the received ping packet data length
+is correct, so sanity check it. Found by Qualsys.
+CVE: CVE-2017-17840
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ iscsiuio/src/unix/iscsid_ipc.c | 5 +++++
+ iscsiuio/src/unix/packet.c     | 2 +-
+ iscsiuio/src/unix/packet.h     | 2 ++
+ 3 files changed, 8 insertions(+), 1 deletion(-)
+diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
+index 85742da..a2caacc 100644
+--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
+@@ -333,6 +333,11 @@ static void *perform_ping(void *arg)
+ 
+        data = (iscsid_uip_broadcast_t *)png_c->data;
+        datalen = data->u.ping_rec.datalen;
+       if ((datalen > STD_MTU_SIZE) || (datalen < 0)) {
+               LOG_ERR(PFX "Ping datalen invalid: %d", datalen);
+               rc = -EINVAL;
+               goto ping_done;
+       }
+ 
+        memset(dst_addr, 0, sizeof(uip_ip6addr_t));
+        if (nic_iface->protocol == AF_INET) {
+diff --git a/iscsiuio/src/unix/packet.c b/iscsiuio/src/unix/packet.c
+index ecea09b..3ce2c6b 100644
+--- a/iscsiuio/src/unix/packet.c
+++ b/iscsiuio/src/unix/packet.c
+@@ -112,7 +112,7 @@ int alloc_free_queue(nic_t *nic, size_t num_of_packets)
+        for (i = 0; i < num_of_packets; i++) {
+                packet_t *pkt;
+ 
+-               pkt = alloc_packet(1500, 1500);
+               pkt = alloc_packet(STD_MTU_SIZE, STD_MTU_SIZE);
+                if (pkt == NULL) {
+                        goto done;
+                }
+diff --git a/iscsiuio/src/unix/packet.h b/iscsiuio/src/unix/packet.h
+index b63d688..19d1db9 100644
+--- a/iscsiuio/src/unix/packet.h
+++ b/iscsiuio/src/unix/packet.h
+@@ -43,6 +43,8 @@
+ 
+ #include "nic.h"
+ 
+#define        STD_MTU_SIZE    1500
+
+ struct nic;
+ struct nic_interface;
+ 
+-- 
+1.9.1
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0.874.bb b/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0.874.bb
index 95848d0b33..6c4a867b52 100644
--- a/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0.874.bb
+++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0.874.bb
@@ -22,6 +22,13 @@ SRC_URI = "git://github.com/open-iscsi/open-iscsi \
    file://iscsi-initiator.service \
    file://iscsi-initiator-targets.service \
    file://set_initiatorname \
+    file://0001-Check-for-root-peer-user-for-iscsiuio-IPC.patch \
+    file://0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch \
+    file://0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch \
+    file://0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch \
+    file://0005-Ensure-strings-from-peer-are-copied-correctly.patch \
+    file://0006-Skip-useless-strcopy-and-validate-CIDR-length.patch \
+    file://0007-Check-iscsiuio-ping-data-length-for-validity.patch \
 "
 S = "${WORKDIR}/git"

diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0001-Check-for-root-peer-user-for-iscsiuio-IPC.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0001-Check-for-root-peer-user-for-iscsiuio-IPC.patch new file mode 100644 index 0000000000..2fd5c08a1c --- /dev/null +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0001-Check-for-root-peer-user-for-iscsiuio-IPC.patch
@@ -0,0 +1,135 @@
		1	From eb516ac5f9dddc80564f6becee08a0011e7aa58b Mon Sep 17 00:00:00 2001
		2	From: Lee Duncan <lduncan@suse.com>
		3	Date: Fri, 15 Dec 2017 10:36:11 -0800
		4	Subject: [PATCH 1/7] Check for root peer user for iscsiuio IPC
		5
		6	This fixes a possible vulnerability where a non-root
		7	process could connect with iscsiuio. Fouund by Qualsys.
		8
		9	CVE: CVE-2017-17840
		10
		11	Upstream-Status: Backport
		12
		13	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		14	---
		15	iscsiuio/src/unix/Makefile.am \| 3 ++-
		16	iscsiuio/src/unix/iscsid_ipc.c \| 47 ++++++++++++++++++++++++++++++++++++++++++
		17	2 files changed, 49 insertions(+), 1 deletion(-)
		18
		19	diff --git a/iscsiuio/src/unix/Makefile.am b/iscsiuio/src/unix/Makefile.am
		20	index 71d5463..a989ef0 100644
		21	--- a/iscsiuio/src/unix/Makefile.am
		22	+++ b/iscsiuio/src/unix/Makefile.am
		23	@@ -20,7 +20,8 @@ iscsiuio_SOURCES = build_date.c \
		24	nic_utils.c \
		25	packet.c \
		26	iscsid_ipc.c \
		27	- ping.c
		28	+ ping.c \
		29	+ ${top_srcdir}/../utils/sysdeps/sysdeps.c
		30
		31	iscsiuio_CFLAGS = $(AM_CFLAGS) \
		32	$(LIBNL_CFLAGS) \
		33	diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
		34	index a2a59a8..08e49e5 100644
		35	--- a/iscsiuio/src/unix/iscsid_ipc.c
		36	+++ b/iscsiuio/src/unix/iscsid_ipc.c
		37	@@ -37,6 +37,8 @@
		38	*
		39	*/
		40
		41	+#define _GNU_SOURCE
		42	+
		43	#include <errno.h>
		44	#include <pthread.h>
		45	#include <signal.h>
		46	@@ -47,6 +49,8 @@
		47	#include <sys/socket.h>
		48	#include <sys/time.h>
		49	#include <sys/un.h>
		50	+#include <sys/types.h>
		51	+#include <pwd.h>
		52
		53	#define PFX "iscsi_ipc "
		54
		55	@@ -61,6 +65,7 @@
		56	#include "iscsid_ipc.h"
		57	#include "uip.h"
		58	#include "uip_mgmt_ipc.h"
		59	+#include "sysdeps.h"
		60
		61	#include "logger.h"
		62	#include "uip.h"
		63	@@ -102,6 +107,7 @@ struct iface_rec_decode {
		64	uint16_t mtu;
		65	};
		66
		67	+#define PEERUSER_MAX 64
		68
		69	/******************************************************************************
		70	* iscsid_ipc Constants
		71	@@ -1029,6 +1035,40 @@ static void iscsid_loop_close(void *arg)
		72	LOG_INFO(PFX "iSCSI daemon socket closed");
		73	}
		74
		75	+/*
		76	+ * check that the peer user is privilidged
		77	+ *
		78	+ * return 1 if peer is ok else 0
		79	+ *
		80	+ * XXX: this function is copied from iscsid_ipc.c and should be
		81	+ * moved into a common library
		82	+ */
		83	+static int
		84	+mgmt_peeruser(int sock, char *user)
		85	+{
		86	+ struct ucred peercred;
		87	+ socklen_t so_len = sizeof(peercred);
		88	+ struct passwd *pass;
		89	+
		90	+ errno = 0;
		91	+ if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &peercred,
		92	+ &so_len) != 0 \|\| so_len != sizeof(peercred)) {
		93	+ /* We didn't get a valid credentials struct. */
		94	+ LOG_ERR(PFX "peeruser_unux: error receiving credentials: %m");
		95	+ return 0;
		96	+ }
		97	+
		98	+ pass = getpwuid(peercred.uid);
		99	+ if (pass == NULL) {
		100	+ LOG_ERR(PFX "peeruser_unix: unknown local user with uid %d",
		101	+ (int) peercred.uid);
		102	+ return 0;
		103	+ }
		104	+
		105	+ strlcpy(user, pass->pw_name, PEERUSER_MAX);
		106	+ return 1;
		107	+}
		108	+
		109	/**
		110	* iscsid_loop() - This is the function which will process the broadcast
		111	* messages from iscsid
		112	@@ -1038,6 +1078,7 @@ static void iscsid_loop(void arg)
		113	{
		114	int rc;
		115	sigset_t set;
		116	+ char user[PEERUSER_MAX];
		117
		118	pthread_cleanup_push(iscsid_loop_close, arg);
		119
		120	@@ -1077,6 +1118,12 @@ static void iscsid_loop(void arg)
		121	continue;
		122	}
		123
		124	+ if (!mgmt_peeruser(iscsid_opts.fd, user) \|\| strncmp(user, "root", PEERUSER_MAX)) {
		125	+ close(s2);
		126	+ LOG_ERR(PFX "Access error: non-administrative connection rejected");
		127	+ break;
		128	+ }
		129	+
		130	process_iscsid_broadcast(s2);
		131	close(s2);
		132	}
		133	--
		134	1.9.1
		135


diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch new file mode 100644 index 0000000000..1f5202ec02 --- /dev/null +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch
@@ -0,0 +1,39 @@
		1	From 035bb16845537351e1bccb16d38981754fd53129 Mon Sep 17 00:00:00 2001
		2	From: Lee Duncan <lduncan@suse.com>
		3	Date: Fri, 15 Dec 2017 10:37:56 -0800
		4	Subject: [PATCH 2/7] iscsiuio should ignore bogus iscsid broadcast packets
		5
		6	When iscsiuio is receiving broadcast packets from iscsid,
		7	if the 'payload_len', carried in the packet, is too
		8	large then ignore the packet and print a message.
		9	Found by Qualsys.
		10
		11	CVE: CVE-2017-17840
		12
		13	Upstream-Status: Backport
		14
		15	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		16	---
		17	iscsiuio/src/unix/iscsid_ipc.c \| 6 ++++++
		18	1 file changed, 6 insertions(+)
		19
		20	diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
		21	index 08e49e5..dfdae63 100644
		22	--- a/iscsiuio/src/unix/iscsid_ipc.c
		23	+++ b/iscsiuio/src/unix/iscsid_ipc.c
		24	@@ -950,6 +950,12 @@ int process_iscsid_broadcast(int s2)
		25
		26	cmd = data->header.command;
		27	payload_len = data->header.payload_len;
		28	+ if (payload_len > sizeof(data->u)) {
		29	+ LOG_ERR(PFX "Data payload length too large (%d). Corrupt payload?",
		30	+ payload_len);
		31	+ rc = -EINVAL;
		32	+ goto error;
		33	+ }
		34
		35	LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d",
		36	cmd, payload_len);
		37	--
		38	1.9.1
		39


diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch new file mode 100644 index 0000000000..825083b741 --- /dev/null +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch
@@ -0,0 +1,34 @@
		1	From 81d3106cf8f09c79fe20ad7d234d7e1dda27bddb Mon Sep 17 00:00:00 2001
		2	From: Lee Duncan <lduncan@suse.com>
		3	Date: Fri, 15 Dec 2017 11:11:17 -0800
		4	Subject: [PATCH 3/7] Ensure all fields in iscsiuio IPC response are set
		5
		6	Make sure all fields in the response strcuture are set,
		7	or info from the stack can be leaked to our caller.
		8	Found by Qualsys.
		9
		10	CVE: CVE-2017-17840
		11
		12	Upstream-Status: Backport
		13
		14	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		15	---
		16	iscsiuio/src/unix/iscsid_ipc.c \| 2 ++
		17	1 file changed, 2 insertions(+)
		18
		19	diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
		20	index dfdae63..61e96cc 100644
		21	--- a/iscsiuio/src/unix/iscsid_ipc.c
		22	+++ b/iscsiuio/src/unix/iscsid_ipc.c
		23	@@ -960,6 +960,8 @@ int process_iscsid_broadcast(int s2)
		24	LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d",
		25	cmd, payload_len);
		26
		27	+ memset(&rsp, 0, sizeof(rsp));
		28	+
		29	switch (cmd) {
		30	case ISCSID_UIP_IPC_GET_IFACE:
		31	size = fread(&data->u.iface_rec, payload_len, 1, fd);
		32	--
		33	1.9.1
		34


diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch new file mode 100644 index 0000000000..274722c231 --- /dev/null +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch
@@ -0,0 +1,62 @@
		1	From 8167e5ce99682f64918a20966ce393cd33ac67ef Mon Sep 17 00:00:00 2001
		2	From: Lee Duncan <lduncan@suse.com>
		3	Date: Fri, 15 Dec 2017 11:13:29 -0800
		4	Subject: [PATCH 4/7] Do not double-close IPC file stream to iscsid
		5
		6	A double-close of a file descriptor and its associated FILE stream
		7	can be an issue in multi-threaded cases. Found by Qualsys.
		8
		9	CVE: CVE-2017-17840
		10
		11	Upstream-Status: Backport
		12
		13	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		14	---
		15	iscsiuio/src/unix/iscsid_ipc.c \| 9 +++++++--
		16	1 file changed, 7 insertions(+), 2 deletions(-)
		17
		18	diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
		19	index 61e96cc..bde8d66 100644
		20	--- a/iscsiuio/src/unix/iscsid_ipc.c
		21	+++ b/iscsiuio/src/unix/iscsid_ipc.c
		22	@@ -913,6 +913,9 @@ early_exit:
		23	/**
		24	* process_iscsid_broadcast() - This function is used to process the
		25	* broadcast messages from iscsid
		26	+ *
		27	+ * s2 is an open file descriptor, which
		28	+ * must not be left open upon return
		29	*/
		30	int process_iscsid_broadcast(int s2)
		31	{
		32	@@ -928,6 +931,7 @@ int process_iscsid_broadcast(int s2)
		33	if (fd == NULL) {
		34	LOG_ERR(PFX "Couldn't open file descriptor: %d(%s)",
		35	errno, strerror(errno));
		36	+ close(s2);
		37	return -EIO;
		38	}
		39
		40	@@ -1030,7 +1034,8 @@ int process_iscsid_broadcast(int s2)
		41	}
		42
		43	error:
		44	- free(data);
		45	+ if (data)
		46	+ free(data);
		47	fclose(fd);
		48
		49	return rc;
		50	@@ -1132,8 +1137,8 @@ static void iscsid_loop(void arg)
		51	break;
		52	}
		53
		54	+ /* this closes the file descriptor s2 */
		55	process_iscsid_broadcast(s2);
		56	- close(s2);
		57	}
		58
		59	pthread_cleanup_pop(0);
		60	--
		61	1.9.1
		62


diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch new file mode 100644 index 0000000000..b73b01120e --- /dev/null +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch
@@ -0,0 +1,78 @@
		1	From c9fc86a50459776d9a7abb609f6503c57d69e034 Mon Sep 17 00:00:00 2001
		2	From: Lee Duncan <lduncan@suse.com>
		3	Date: Fri, 15 Dec 2017 11:15:26 -0800
		4	Subject: [PATCH 5/7] Ensure strings from peer are copied correctly.
		5
		6	The method of using strlen() and strcpy()/strncpy() has
		7	a couple of holes. Do not try to measure the length of
		8	strings supplied from peer, and ensure copied strings are
		9	NULL-terminated. Use the new strlcpy() instead.
		10	Found by Qualsys.
		11
		12	CVE: CVE-2017-17840
		13
		14	Upstream-Status: Backport
		15
		16	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		17	---
		18	iscsiuio/src/unix/iscsid_ipc.c \| 24 ++++++------------------
		19	1 file changed, 6 insertions(+), 18 deletions(-)
		20
		21	diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
		22	index bde8d66..52ae8c6 100644
		23	--- a/iscsiuio/src/unix/iscsid_ipc.c
		24	+++ b/iscsiuio/src/unix/iscsid_ipc.c
		25	@@ -152,10 +152,7 @@ static int decode_cidr(char in_ipaddr_str, struct iface_rec_decode ird)
		26	struct in_addr ia;
		27	struct in6_addr ia6;
		28
		29	- if (strlen(in_ipaddr_str) > NI_MAXHOST)
		30	- strncpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST);
		31	- else
		32	- strcpy(ipaddr_str, in_ipaddr_str);
		33	+ strlcpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST);
		34
		35	/* Find the CIDR if any */
		36	tmp = strchr(ipaddr_str, '/');
		37	@@ -287,22 +284,16 @@ static int decode_iface(struct iface_rec_decode ird, struct iface_rec rec)
		38
		39	/* For LL on, ignore the IPv6 addr in the iface */
		40	if (ird->linklocal_autocfg == IPV6_LL_AUTOCFG_OFF) {
		41	- if (strlen(rec->ipv6_linklocal) > NI_MAXHOST)
		42	- strncpy(ipaddr_str, rec->ipv6_linklocal,
		43	- NI_MAXHOST);
		44	- else
		45	- strcpy(ipaddr_str, rec->ipv6_linklocal);
		46	+ strlcpy(ipaddr_str, rec->ipv6_linklocal,
		47	+ NI_MAXHOST);
		48	inet_pton(AF_INET6, ipaddr_str,
		49	&ird->ipv6_linklocal);
		50	}
		51
		52	/* For RTR on, ignore the IPv6 addr in the iface */
		53	if (ird->router_autocfg == IPV6_RTR_AUTOCFG_OFF) {
		54	- if (strlen(rec->ipv6_router) > NI_MAXHOST)
		55	- strncpy(ipaddr_str, rec->ipv6_router,
		56	- NI_MAXHOST);
		57	- else
		58	- strcpy(ipaddr_str, rec->ipv6_router);
		59	+ strlcpy(ipaddr_str, rec->ipv6_router,
		60	+ NI_MAXHOST);
		61	inet_pton(AF_INET6, ipaddr_str,
		62	&ird->ipv6_router);
		63	}
		64	@@ -316,10 +307,7 @@ static int decode_iface(struct iface_rec_decode ird, struct iface_rec rec)
		65	calculate_default_netmask(
		66	ird->ipv4_addr.s_addr);
		67
		68	- if (strlen(rec->gateway) > NI_MAXHOST)
		69	- strncpy(ipaddr_str, rec->gateway, NI_MAXHOST);
		70	- else
		71	- strcpy(ipaddr_str, rec->gateway);
		72	+ strlcpy(ipaddr_str, rec->gateway, NI_MAXHOST);
		73	inet_pton(AF_INET, ipaddr_str, &ird->ipv4_gateway);
		74	}
		75	} else {
		76	--
		77	1.9.1
		78


diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch new file mode 100644 index 0000000000..0fa24cd10d --- /dev/null +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch
@@ -0,0 +1,44 @@
		1	From a6efed7601c890ac051ad1425582ec67dbd3f5ff Mon Sep 17 00:00:00 2001
		2	From: Lee Duncan <lduncan@suse.com>
		3	Date: Fri, 15 Dec 2017 11:18:35 -0800
		4	Subject: [PATCH 6/7] Skip useless strcopy, and validate CIDR length
		5
		6	Remove a useless strcpy() that copies a string onto itself,
		7	and ensure the CIDR length "keepbits" is not negative.
		8	Found by Qualsys.
		9
		10	CVE: CVE-2017-17840
		11
		12	Upstream-Status: Backport
		13
		14	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		15	---
		16	iscsiuio/src/unix/iscsid_ipc.c \| 5 ++---
		17	1 file changed, 2 insertions(+), 3 deletions(-)
		18
		19	diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
		20	index 52ae8c6..85742da 100644
		21	--- a/iscsiuio/src/unix/iscsid_ipc.c
		22	+++ b/iscsiuio/src/unix/iscsid_ipc.c
		23	@@ -148,7 +148,7 @@ static int decode_cidr(char in_ipaddr_str, struct iface_rec_decode ird)
		24	char tmp, tok;
		25	char ipaddr_str[NI_MAXHOST];
		26	char str[INET6_ADDRSTRLEN];
		27	- int keepbits = 0;
		28	+ unsigned long keepbits = 0;
		29	struct in_addr ia;
		30	struct in6_addr ia6;
		31
		32	@@ -161,8 +161,7 @@ static int decode_cidr(char in_ipaddr_str, struct iface_rec_decode ird)
		33	tmp = ipaddr_str;
		34	tok = strsep(&tmp, "/");
		35	LOG_INFO(PFX "in cidr: bitmask '%s' ip '%s'", tmp, tok);
		36	- keepbits = atoi(tmp);
		37	- strcpy(ipaddr_str, tok);
		38	+ keepbits = strtoull(tmp, NULL, 10);
		39	}
		40
		41	/* Determine if the IP address passed from the iface file is
		42	--
		43	1.9.1
		44


diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0007-Check-iscsiuio-ping-data-length-for-validity.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0007-Check-iscsiuio-ping-data-length-for-validity.patch new file mode 100644 index 0000000000..c63c0a8d56 --- /dev/null +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0007-Check-iscsiuio-ping-data-length-for-validity.patch
@@ -0,0 +1,64 @@
		1	From 5df60ad8b22194391af34c1a7e54776b0372ffed Mon Sep 17 00:00:00 2001
		2	From: Lee Duncan <lduncan@suse.com>
		3	Date: Fri, 15 Dec 2017 11:21:15 -0800
		4	Subject: [PATCH 7/7] Check iscsiuio ping data length for validity
		5
		6	We do not trust that the received ping packet data length
		7	is correct, so sanity check it. Found by Qualsys.
		8
		9	CVE: CVE-2017-17840
		10
		11	Upstream-Status: Backport
		12
		13	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		14	---
		15	iscsiuio/src/unix/iscsid_ipc.c \| 5 +++++
		16	iscsiuio/src/unix/packet.c \| 2 +-
		17	iscsiuio/src/unix/packet.h \| 2 ++
		18	3 files changed, 8 insertions(+), 1 deletion(-)
		19
		20	diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
		21	index 85742da..a2caacc 100644
		22	--- a/iscsiuio/src/unix/iscsid_ipc.c
		23	+++ b/iscsiuio/src/unix/iscsid_ipc.c
		24	@@ -333,6 +333,11 @@ static void perform_ping(void arg)
		25
		26	data = (iscsid_uip_broadcast_t *)png_c->data;
		27	datalen = data->u.ping_rec.datalen;
		28	+ if ((datalen > STD_MTU_SIZE) \|\| (datalen < 0)) {
		29	+ LOG_ERR(PFX "Ping datalen invalid: %d", datalen);
		30	+ rc = -EINVAL;
		31	+ goto ping_done;
		32	+ }
		33
		34	memset(dst_addr, 0, sizeof(uip_ip6addr_t));
		35	if (nic_iface->protocol == AF_INET) {
		36	diff --git a/iscsiuio/src/unix/packet.c b/iscsiuio/src/unix/packet.c
		37	index ecea09b..3ce2c6b 100644
		38	--- a/iscsiuio/src/unix/packet.c
		39	+++ b/iscsiuio/src/unix/packet.c
		40	@@ -112,7 +112,7 @@ int alloc_free_queue(nic_t *nic, size_t num_of_packets)
		41	for (i = 0; i < num_of_packets; i++) {
		42	packet_t *pkt;
		43
		44	- pkt = alloc_packet(1500, 1500);
		45	+ pkt = alloc_packet(STD_MTU_SIZE, STD_MTU_SIZE);
		46	if (pkt == NULL) {
		47	goto done;
		48	}
		49	diff --git a/iscsiuio/src/unix/packet.h b/iscsiuio/src/unix/packet.h
		50	index b63d688..19d1db9 100644
		51	--- a/iscsiuio/src/unix/packet.h
		52	+++ b/iscsiuio/src/unix/packet.h
		53	@@ -43,6 +43,8 @@
		54
		55	#include "nic.h"
		56
		57	+#define STD_MTU_SIZE 1500
		58	+
		59	struct nic;
		60	struct nic_interface;
		61
		62	--
		63	1.9.1
		64


diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0.874.bb b/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0.874.bb index 95848d0b33..6c4a867b52 100644 --- a/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0.874.bb +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0.874.bb
@@ -22,6 +22,13 @@ SRC_URI = "git://github.com/open-iscsi/open-iscsi \
22	file://iscsi-initiator.service \	22	file://iscsi-initiator.service \
23	file://iscsi-initiator-targets.service \	23	file://iscsi-initiator-targets.service \
24	file://set_initiatorname \	24	file://set_initiatorname \
		25	file://0001-Check-for-root-peer-user-for-iscsiuio-IPC.patch \
		26	file://0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch \
		27	file://0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch \
		28	file://0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch \
		29	file://0005-Ensure-strings-from-peer-are-copied-correctly.patch \
		30	file://0006-Skip-useless-strcopy-and-validate-CIDR-length.patch \
		31	file://0007-Check-iscsiuio-ping-data-length-for-validity.patch \
25	"	32	"
26		33
27	S = "${WORKDIR}/git"	34	S = "${WORKDIR}/git"