diff options
Diffstat (limited to 'meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch')
-rw-r--r-- | meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch deleted file mode 100644 index 1f5202ec0..000000000 --- a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | From 035bb16845537351e1bccb16d38981754fd53129 Mon Sep 17 00:00:00 2001 | ||
2 | From: Lee Duncan <lduncan@suse.com> | ||
3 | Date: Fri, 15 Dec 2017 10:37:56 -0800 | ||
4 | Subject: [PATCH 2/7] iscsiuio should ignore bogus iscsid broadcast packets | ||
5 | |||
6 | When iscsiuio is receiving broadcast packets from iscsid, | ||
7 | if the 'payload_len', carried in the packet, is too | ||
8 | large then ignore the packet and print a message. | ||
9 | Found by Qualsys. | ||
10 | |||
11 | CVE: CVE-2017-17840 | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | |||
15 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
16 | --- | ||
17 | iscsiuio/src/unix/iscsid_ipc.c | 6 ++++++ | ||
18 | 1 file changed, 6 insertions(+) | ||
19 | |||
20 | diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c | ||
21 | index 08e49e5..dfdae63 100644 | ||
22 | --- a/iscsiuio/src/unix/iscsid_ipc.c | ||
23 | +++ b/iscsiuio/src/unix/iscsid_ipc.c | ||
24 | @@ -950,6 +950,12 @@ int process_iscsid_broadcast(int s2) | ||
25 | |||
26 | cmd = data->header.command; | ||
27 | payload_len = data->header.payload_len; | ||
28 | + if (payload_len > sizeof(data->u)) { | ||
29 | + LOG_ERR(PFX "Data payload length too large (%d). Corrupt payload?", | ||
30 | + payload_len); | ||
31 | + rc = -EINVAL; | ||
32 | + goto error; | ||
33 | + } | ||
34 | |||
35 | LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d", | ||
36 | cmd, payload_len); | ||
37 | -- | ||
38 | 1.9.1 | ||
39 | |||