diff options
Diffstat (limited to 'meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch')
| -rw-r--r-- | meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch deleted file mode 100644 index 274722c23..000000000 --- a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch +++ /dev/null | |||
| @@ -1,62 +0,0 @@ | |||
| 1 | From 8167e5ce99682f64918a20966ce393cd33ac67ef Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Lee Duncan <lduncan@suse.com> | ||
| 3 | Date: Fri, 15 Dec 2017 11:13:29 -0800 | ||
| 4 | Subject: [PATCH 4/7] Do not double-close IPC file stream to iscsid | ||
| 5 | |||
| 6 | A double-close of a file descriptor and its associated FILE stream | ||
| 7 | can be an issue in multi-threaded cases. Found by Qualsys. | ||
| 8 | |||
| 9 | CVE: CVE-2017-17840 | ||
| 10 | |||
| 11 | Upstream-Status: Backport | ||
| 12 | |||
| 13 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
| 14 | --- | ||
| 15 | iscsiuio/src/unix/iscsid_ipc.c | 9 +++++++-- | ||
| 16 | 1 file changed, 7 insertions(+), 2 deletions(-) | ||
| 17 | |||
| 18 | diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c | ||
| 19 | index 61e96cc..bde8d66 100644 | ||
| 20 | --- a/iscsiuio/src/unix/iscsid_ipc.c | ||
| 21 | +++ b/iscsiuio/src/unix/iscsid_ipc.c | ||
| 22 | @@ -913,6 +913,9 @@ early_exit: | ||
| 23 | /** | ||
| 24 | * process_iscsid_broadcast() - This function is used to process the | ||
| 25 | * broadcast messages from iscsid | ||
| 26 | + * | ||
| 27 | + * s2 is an open file descriptor, which | ||
| 28 | + * must not be left open upon return | ||
| 29 | */ | ||
| 30 | int process_iscsid_broadcast(int s2) | ||
| 31 | { | ||
| 32 | @@ -928,6 +931,7 @@ int process_iscsid_broadcast(int s2) | ||
| 33 | if (fd == NULL) { | ||
| 34 | LOG_ERR(PFX "Couldn't open file descriptor: %d(%s)", | ||
| 35 | errno, strerror(errno)); | ||
| 36 | + close(s2); | ||
| 37 | return -EIO; | ||
| 38 | } | ||
| 39 | |||
| 40 | @@ -1030,7 +1034,8 @@ int process_iscsid_broadcast(int s2) | ||
| 41 | } | ||
| 42 | |||
| 43 | error: | ||
| 44 | - free(data); | ||
| 45 | + if (data) | ||
| 46 | + free(data); | ||
| 47 | fclose(fd); | ||
| 48 | |||
| 49 | return rc; | ||
| 50 | @@ -1132,8 +1137,8 @@ static void *iscsid_loop(void *arg) | ||
| 51 | break; | ||
| 52 | } | ||
| 53 | |||
| 54 | + /* this closes the file descriptor s2 */ | ||
| 55 | process_iscsid_broadcast(s2); | ||
| 56 | - close(s2); | ||
| 57 | } | ||
| 58 | |||
| 59 | pthread_cleanup_pop(0); | ||
| 60 | -- | ||
| 61 | 1.9.1 | ||
| 62 | |||