commit 381e50d930be0ea4343a20a0c62b8171468629a1
Author: Hannes Reinecke <[email protected]>
Date:   Tue Feb 10 10:52:23 2009 +0100

    Overflow in search_ibft()
    
    search_ibft() checks for the search boundaries, but fails to
    account for the length of the search string.
    
    References: 471475
    
    Signed-off-by: Hannes Reinecke <[email protected]>

diff --git a/utils/fwparam_ibft/fwparam_ibft.c 
b/utils/fwparam_ibft/fwparam_ibft.c
index 02f8ac8..e0ed4a1 100644
--- a/utils/fwparam_ibft/fwparam_ibft.c
+++ b/utils/fwparam_ibft/fwparam_ibft.c
@@ -415,7 +415,7 @@ char *search_ibft(unsigned char *start, int length)
 
        cur_ptr = (unsigned char *)start;
        for (cur_ptr = (unsigned char *)start;
-            cur_ptr < (start + length);
+            cur_ptr < (start + length - strlen(iBFTSTR));
             cur_ptr++) {
                if (memcmp(cur_ptr, iBFTSTR,strlen(iBFTSTR)))
                        continue;
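Review bot: The new limit `start + length - strlen(iBFTSTR)` is computed without first checking that `length` is at least the signature length, so for a short or negative `length` it points before `start`; that is out-of-range pointer arithmetic, and the loop stays out of the buffer only by how the comparison happens to evaluate. A guard ahead of the loop, `if (length < 0 || (size_t)length < strlen(iBFTSTR)) return NULL;`, makes the refusal explicit (the function's not-found return is outside the hunk, so `NULL` is an assumption). With that guard in place the condition can be `cur_ptr <= (start + length - strlen(iBFTSTR));`, because the strict `<` also skips the last offset at which a full signature still fits. Only the `memcmp` is bounded by this change; whatever search_ibft() reads after a match lies outside the hunk and would need its own check against `length`.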
