git.baikalelectronics.ru Git - kernel.git/commit

author	Kees Cook <keescook@chromium.org>
	Thu, 23 May 2013 17:32:17 +0000 (10:32 -0700)
committer	Nicholas Bellinger <nab@linux-iscsi.org>
	Fri, 31 May 2013 01:07:54 +0000 (18:07 -0700)
commit	779f0051b8f6fcccf332cd18a8664f1dfd26a8d0
tree	7ae6fd132bbd1e7cd888dcaae6946cecfd20a2e1	tree \| snapshot
parent	0cf68ead6aa2b2b8b4718bb975025246f723b5f2	commit \| diff

iscsi-target: fix heap buffer overflow on error

If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
error response packet, generated by iscsi_add_notunderstood_response(),
would still attempt to copy the entire key into the packet, overflowing
the structure on the heap.

Remote preauthentication kernel memory corruption was possible if a
target was configured and listening on the network.

CVE-2013-2850

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

drivers/target/iscsi/iscsi_target_parameters.c		diff \| blob \| history
drivers/target/iscsi/iscsi_target_parameters.h		diff \| blob \| history