diff options
Diffstat (limited to 'meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch')
| -rw-r--r-- | meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch new file mode 100644 index 0000000000..1f5202ec02 --- /dev/null +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch @@ -0,0 +1,39 @@ +From 035bb16845537351e1bccb16d38981754fd53129 Mon Sep 17 00:00:00 2001 +From: Lee Duncan <lduncan@suse.com> +Date: Fri, 15 Dec 2017 10:37:56 -0800 +Subject: [PATCH 2/7] iscsiuio should ignore bogus iscsid broadcast packets + +When iscsiuio is receiving broadcast packets from iscsid, +if the 'payload_len', carried in the packet, is too +large then ignore the packet and print a message. +Found by Qualsys. + +CVE: CVE-2017-17840 + +Upstream-Status: Backport + +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + iscsiuio/src/unix/iscsid_ipc.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c +index 08e49e5..dfdae63 100644 +--- a/iscsiuio/src/unix/iscsid_ipc.c ++++ b/iscsiuio/src/unix/iscsid_ipc.c +@@ -950,6 +950,12 @@ int process_iscsid_broadcast(int s2) + + cmd = data->header.command; + payload_len = data->header.payload_len; ++ if (payload_len > sizeof(data->u)) { ++ LOG_ERR(PFX "Data payload length too large (%d). Corrupt payload?", ++ payload_len); ++ rc = -EINVAL; ++ goto error; ++ } + + LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d", + cmd, payload_len); +-- +1.9.1 + |