iscsi-target: fix heap buffer overflow on error - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Kees Cook <[email protected]>	2013-05-23 10:32:17 -0700
committer	Nicholas Bellinger <[email protected]>	2013-05-30 18:07:54 -0700
commit	cea4dcfdad926a27a18e188720efe0f2c9403456 (patch)
tree	7ae6fd132bbd1e7cd888dcaae6946cecfd20a2e1 /drivers/scsi/mpt2sas/mpi/mpi2_raid.h
parent	21363ca873334391992f2f424856aa864345bb61 (diff)

iscsi-target: fix heap buffer overflow on error

If a key was larger than 64 bytes, as checked by iscsi_check_key(), the error response packet, generated by iscsi_add_notunderstood_response(), would still attempt to copy the entire key into the packet, overflowing the structure on the heap. Remote preauthentication kernel memory corruption was possible if a target was configured and listening on the network. CVE-2013-2850 Signed-off-by: Kees Cook <[email protected]> Cc: [email protected] Signed-off-by: Nicholas Bellinger <[email protected]>

Diffstat (limited to 'drivers/scsi/mpt2sas/mpi/mpi2_raid.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: