diff options
author | Kees Cook <keescook@chromium.org> | 2013-05-23 10:32:17 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-06-07 12:53:20 -0700 |
commit | a6ff6ba26bd680f6c2afe0e599ffde19f9c41cb2 (patch) | |
tree | 8627ed887e00122f4fdfac6eda56368ec4e7f791 /drivers/target/target_core_pscsi.c | |
parent | 4fdf4857d1deca93307532525857dc7490641af5 (diff) |
iscsi-target: fix heap buffer overflow on error
commit cea4dcfdad926a27a18e188720efe0f2c9403456 upstream.
If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
error response packet, generated by iscsi_add_notunderstood_response(),
would still attempt to copy the entire key into the packet, overflowing
the structure on the heap.
Remote preauthentication kernel memory corruption was possible if a
target was configured and listening on the network.
CVE-2013-2850
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/target/target_core_pscsi.c')
0 files changed, 0 insertions, 0 deletions