diff options
author | Kees Cook <keescook@chromium.org> | 2013-05-23 21:32:17 +0400 |
---|---|---|
committer | Nicholas Bellinger <nab@linux-iscsi.org> | 2013-05-31 05:07:54 +0400 |
commit | cea4dcfdad926a27a18e188720efe0f2c9403456 (patch) | |
tree | 7ae6fd132bbd1e7cd888dcaae6946cecfd20a2e1 /include/target | |
parent | 21363ca873334391992f2f424856aa864345bb61 (diff) | |
download | linux-cea4dcfdad926a27a18e188720efe0f2c9403456.tar.xz |
iscsi-target: fix heap buffer overflow on error
If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
error response packet, generated by iscsi_add_notunderstood_response(),
would still attempt to copy the entire key into the packet, overflowing
the structure on the heap.
Remote preauthentication kernel memory corruption was possible if a
target was configured and listening on the network.
CVE-2013-2850
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'include/target')
0 files changed, 0 insertions, 0 deletions