diff options
Diffstat (limited to 'meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch')
-rw-r--r-- | meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch deleted file mode 100644 index 0fa24cd10d..0000000000 --- a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0006-Skip-useless-strcopy-and-validate-CIDR-length.patch +++ /dev/null @@ -1,44 +0,0 @@ -From a6efed7601c890ac051ad1425582ec67dbd3f5ff Mon Sep 17 00:00:00 2001 -From: Lee Duncan <lduncan@suse.com> -Date: Fri, 15 Dec 2017 11:18:35 -0800 -Subject: [PATCH 6/7] Skip useless strcopy, and validate CIDR length - -Remove a useless strcpy() that copies a string onto itself, -and ensure the CIDR length "keepbits" is not negative. -Found by Qualsys. - -CVE: CVE-2017-17840 - -Upstream-Status: Backport - -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> ---- - iscsiuio/src/unix/iscsid_ipc.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c -index 52ae8c6..85742da 100644 ---- a/iscsiuio/src/unix/iscsid_ipc.c -+++ b/iscsiuio/src/unix/iscsid_ipc.c -@@ -148,7 +148,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird) - char *tmp, *tok; - char ipaddr_str[NI_MAXHOST]; - char str[INET6_ADDRSTRLEN]; -- int keepbits = 0; -+ unsigned long keepbits = 0; - struct in_addr ia; - struct in6_addr ia6; - -@@ -161,8 +161,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird) - tmp = ipaddr_str; - tok = strsep(&tmp, "/"); - LOG_INFO(PFX "in cidr: bitmask '%s' ip '%s'", tmp, tok); -- keepbits = atoi(tmp); -- strcpy(ipaddr_str, tok); -+ keepbits = strtoull(tmp, NULL, 10); - } - - /* Determine if the IP address passed from the iface file is --- -1.9.1 - |