diff options
Diffstat (limited to 'meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch')
-rw-r--r-- | meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch | 78 |
1 files changed, 0 insertions, 78 deletions
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch deleted file mode 100644 index b73b01120..000000000 --- a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0005-Ensure-strings-from-peer-are-copied-correctly.patch +++ /dev/null | |||
@@ -1,78 +0,0 @@ | |||
1 | From c9fc86a50459776d9a7abb609f6503c57d69e034 Mon Sep 17 00:00:00 2001 | ||
2 | From: Lee Duncan <lduncan@suse.com> | ||
3 | Date: Fri, 15 Dec 2017 11:15:26 -0800 | ||
4 | Subject: [PATCH 5/7] Ensure strings from peer are copied correctly. | ||
5 | |||
6 | The method of using strlen() and strcpy()/strncpy() has | ||
7 | a couple of holes. Do not try to measure the length of | ||
8 | strings supplied from peer, and ensure copied strings are | ||
9 | NULL-terminated. Use the new strlcpy() instead. | ||
10 | Found by Qualsys. | ||
11 | |||
12 | CVE: CVE-2017-17840 | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | |||
16 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
17 | --- | ||
18 | iscsiuio/src/unix/iscsid_ipc.c | 24 ++++++------------------ | ||
19 | 1 file changed, 6 insertions(+), 18 deletions(-) | ||
20 | |||
21 | diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c | ||
22 | index bde8d66..52ae8c6 100644 | ||
23 | --- a/iscsiuio/src/unix/iscsid_ipc.c | ||
24 | +++ b/iscsiuio/src/unix/iscsid_ipc.c | ||
25 | @@ -152,10 +152,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird) | ||
26 | struct in_addr ia; | ||
27 | struct in6_addr ia6; | ||
28 | |||
29 | - if (strlen(in_ipaddr_str) > NI_MAXHOST) | ||
30 | - strncpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST); | ||
31 | - else | ||
32 | - strcpy(ipaddr_str, in_ipaddr_str); | ||
33 | + strlcpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST); | ||
34 | |||
35 | /* Find the CIDR if any */ | ||
36 | tmp = strchr(ipaddr_str, '/'); | ||
37 | @@ -287,22 +284,16 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec) | ||
38 | |||
39 | /* For LL on, ignore the IPv6 addr in the iface */ | ||
40 | if (ird->linklocal_autocfg == IPV6_LL_AUTOCFG_OFF) { | ||
41 | - if (strlen(rec->ipv6_linklocal) > NI_MAXHOST) | ||
42 | - strncpy(ipaddr_str, rec->ipv6_linklocal, | ||
43 | - NI_MAXHOST); | ||
44 | - else | ||
45 | - strcpy(ipaddr_str, rec->ipv6_linklocal); | ||
46 | + strlcpy(ipaddr_str, rec->ipv6_linklocal, | ||
47 | + NI_MAXHOST); | ||
48 | inet_pton(AF_INET6, ipaddr_str, | ||
49 | &ird->ipv6_linklocal); | ||
50 | } | ||
51 | |||
52 | /* For RTR on, ignore the IPv6 addr in the iface */ | ||
53 | if (ird->router_autocfg == IPV6_RTR_AUTOCFG_OFF) { | ||
54 | - if (strlen(rec->ipv6_router) > NI_MAXHOST) | ||
55 | - strncpy(ipaddr_str, rec->ipv6_router, | ||
56 | - NI_MAXHOST); | ||
57 | - else | ||
58 | - strcpy(ipaddr_str, rec->ipv6_router); | ||
59 | + strlcpy(ipaddr_str, rec->ipv6_router, | ||
60 | + NI_MAXHOST); | ||
61 | inet_pton(AF_INET6, ipaddr_str, | ||
62 | &ird->ipv6_router); | ||
63 | } | ||
64 | @@ -316,10 +307,7 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec) | ||
65 | calculate_default_netmask( | ||
66 | ird->ipv4_addr.s_addr); | ||
67 | |||
68 | - if (strlen(rec->gateway) > NI_MAXHOST) | ||
69 | - strncpy(ipaddr_str, rec->gateway, NI_MAXHOST); | ||
70 | - else | ||
71 | - strcpy(ipaddr_str, rec->gateway); | ||
72 | + strlcpy(ipaddr_str, rec->gateway, NI_MAXHOST); | ||
73 | inet_pton(AF_INET, ipaddr_str, &ird->ipv4_gateway); | ||
74 | } | ||
75 | } else { | ||
76 | -- | ||
77 | 1.9.1 | ||
78 | |||