Author: trasz Date: Tue Sep 1 14:52:35 2020 New Revision: 365040 URL: https://svnweb.freebsd.org/changeset/base/365040
Log: Fix string overflow that could occur during redirection due to passing the wrong length to strlcpy(3). It looks like it could overflow into the next field, isc_user, which is properly long to accomodate for it; I don't think it could cause any harm other than breaking the connection. Reviewed by: mav MFC after: 2 weeks Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D26247 Modified: head/usr.sbin/iscsid/login.c Modified: head/usr.sbin/iscsid/login.c ============================================================================== --- head/usr.sbin/iscsid/login.c Tue Sep 1 14:50:43 2020 (r365039) +++ head/usr.sbin/iscsid/login.c Tue Sep 1 14:52:35 2020 (r365040) @@ -170,7 +170,7 @@ kernel_modify(const struct connection *conn, const cha ism.ism_session_id = conn->conn_session_id; memcpy(&ism.ism_conf, &conn->conn_conf, sizeof(ism.ism_conf)); strlcpy(ism.ism_conf.isc_target_addr, target_address, - sizeof(ism.ism_conf.isc_target)); + sizeof(ism.ism_conf.isc_target_addr)); error = ioctl(conn->conn_iscsi_fd, ISCSISMODIFY, &ism); if (error != 0) { log_err(1, "failed to redirect to %s: ISCSISMODIFY", _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "[email protected]"
