summaryrefslogtreecommitdiff
path: root/net/llc/llc_if.c
diff options
context:
space:
mode:
authorRoland Dreier <roland@purestorage.com>2014-05-29 13:32:30 -0700
committerNicholas Bellinger <nab@linux-iscsi.org>2014-06-03 19:17:31 -0700
commit79d59d08082dd0a0a18f8ceb78c99f9f321d72aa (patch)
tree94515b2560bdc01a57939ae00b7ca0c9abc965e4 /net/llc/llc_if.c
parent6cc44a6fb46e1ecc1c28125aa8fa34d317aa9ea7 (diff)
iscsi-target: Fix wrong buffer / buffer overrun in iscsi_change_param_value()
In non-leading connection login, iscsi_login_non_zero_tsih_s1() calls iscsi_change_param_value() with the buffer it uses to hold the login PDU, not a temporary buffer. This leads to the login header getting corrupted and login failing for non-leading connections in MC/S. Fix this by adding a wrapper iscsi_change_param_sprintf() that handles the temporary buffer itself to avoid confusion. Also handle sending a reject in case of failure in the wrapper, which lets the calling code get quite a bit smaller and easier to read. Finally, bump the size of the temporary buffer from 32 to 64 bytes to be safe, since "MaxRecvDataSegmentLength=" by itself is 25 bytes; with a trailing NUL, a value >= 1M will lead to a buffer overrun. (This isn't the default but we don't need to run right at the ragged edge here) Reported-by: Santosh Kulkarni <santosh.kulkarni@calsoftinc.com> Signed-off-by: Roland Dreier <roland@purestorage.com> Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'net/llc/llc_if.c')
0 files changed, 0 insertions, 0 deletions