From: Kevin Wolf
Subject: [Qemu-block] [PULL 20/29] iscsi: Don't blindly use designator length in response for memcpy
Date: Fri, 29 Jun 2018 16:09:50 +0200

From: Fam Zheng <address@hidden>
Per SCSI definition the designator_length we receive from INQUIRY is 8,
12 or at most 16, but we should be careful because the remote iscsi
target may misbehave, otherwise we could have a buffer overflow.
Reported-by: Max Reitz <address@hidden>
Signed-off-by: Fam Zheng <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/iscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/iscsi.c b/block/iscsi.c
index bc84b14e20..9beb06d498 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -2226,7 +2226,7 @@ static void iscsi_populate_target_desc(unsigned char
*desc, IscsiLun *lun)
desc[5] = (dd->designator_type & 0xF)
| ((dd->association & 3) << 4);
desc[7] = dd->designator_length;
- memcpy(desc + 8, dd->designator, dd->designator_length);
+ memcpy(desc + 8, dd->designator, MIN(dd->designator_length, 20));
desc[28] = 0;
desc[29] = (lun->block_size >> 16) & 0xFF;
--
2.13.6