linaro-lsk.git - [no description]

diff options

author	Kees Cook <keescook@chromium.org>	2013-05-23 10:32:17 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-06-07 12:53:20 -0700
commit	a6ff6ba26bd680f6c2afe0e599ffde19f9c41cb2 (patch)
tree	8627ed887e00122f4fdfac6eda56368ec4e7f791 /drivers/target/target_core_pscsi.c
parent	4fdf4857d1deca93307532525857dc7490641af5 (diff)

iscsi-target: fix heap buffer overflow on error

commit cea4dcfdad926a27a18e188720efe0f2c9403456 upstream. If a key was larger than 64 bytes, as checked by iscsi_check_key(), the error response packet, generated by iscsi_add_notunderstood_response(), would still attempt to copy the entire key into the packet, overflowing the structure on the heap. Remote preauthentication kernel memory corruption was possible if a target was configured and listening on the network. CVE-2013-2850 Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'drivers/target/target_core_pscsi.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: