diff options
Diffstat (limited to 'meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch')
-rw-r--r-- | meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch | 34 |
1 files changed, 0 insertions, 34 deletions
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch deleted file mode 100644 index 825083b74..000000000 --- a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch +++ /dev/null | |||
@@ -1,34 +0,0 @@ | |||
1 | From 81d3106cf8f09c79fe20ad7d234d7e1dda27bddb Mon Sep 17 00:00:00 2001 | ||
2 | From: Lee Duncan <lduncan@suse.com> | ||
3 | Date: Fri, 15 Dec 2017 11:11:17 -0800 | ||
4 | Subject: [PATCH 3/7] Ensure all fields in iscsiuio IPC response are set | ||
5 | |||
6 | Make sure all fields in the response strcuture are set, | ||
7 | or info from the stack can be leaked to our caller. | ||
8 | Found by Qualsys. | ||
9 | |||
10 | CVE: CVE-2017-17840 | ||
11 | |||
12 | Upstream-Status: Backport | ||
13 | |||
14 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
15 | --- | ||
16 | iscsiuio/src/unix/iscsid_ipc.c | 2 ++ | ||
17 | 1 file changed, 2 insertions(+) | ||
18 | |||
19 | diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c | ||
20 | index dfdae63..61e96cc 100644 | ||
21 | --- a/iscsiuio/src/unix/iscsid_ipc.c | ||
22 | +++ b/iscsiuio/src/unix/iscsid_ipc.c | ||
23 | @@ -960,6 +960,8 @@ int process_iscsid_broadcast(int s2) | ||
24 | LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d", | ||
25 | cmd, payload_len); | ||
26 | |||
27 | + memset(&rsp, 0, sizeof(rsp)); | ||
28 | + | ||
29 | switch (cmd) { | ||
30 | case ISCSID_UIP_IPC_GET_IFACE: | ||
31 | size = fread(&data->u.iface_rec, payload_len, 1, fd); | ||
32 | -- | ||
33 | 1.9.1 | ||
34 | |||