Hi Nic/Greg,
Sorry for not paying close enough attention when this went by, but it
looks like the backport of commit 79d59d08082d ("iscsi-target: Fix
wrong buffer / buffer overrun in iscsi_change_param_value()") to 3.10,
namely commit d5c55fa31a29, is incorrect.
In particular, the upstream version of iscsi_target_login.c has the
following code, brought in by 79d59d08082d:

    static int iscsi_login_non_zero_tsih_s2(
            struct iscsi_conn *conn,
            unsigned char *buf)
    {
            ...
            if (iscsi_change_param_sprintf(conn,
                "TargetPortalGroupTag=%hu", sess->tpg->tpgt))
                    return -1;

while the 3.10.45 / d5c55fa31a29 version still has:

    static int iscsi_login_non_zero_tsih_s2(
            struct iscsi_conn *conn,
            unsigned char *buf)
    {
            ...
            memset(buf, 0, 32);
            sprintf(buf, "TargetPortalGroupTag=%hu",
                    ISCSI_TPG_S(sess)->tpgt);
            if (iscsi_change_param_value(buf, conn->param_list, 0) < 0) {
                    iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
                            ISCSI_LOGIN_STATUS_NO_RESOURCES);
                    return -1;
            }

which still has the bug of using the "buf" parameter as a temporary
buffer.
So I think we want the patch below applied to 3.10. I checked the
3.14 tree and it looks OK.
---------- >8 ----------
>From a0d940800b9161a6cbe57044d4a425d61f38d101 Mon Sep 17 00:00:00 2001
From: Roland Dreier <[email protected]>
Date: Mon, 30 Jun 2014 06:55:49 -0700
Subject: [PATCH] iscsi-target: Re-add chunk from backport of upstream
79d59d08082d to 3.10
Commit d5c55fa31a29, the backport of upstream 79d59d08082d
("iscsi-target: Fix wrong buffer / buffer overrun in
iscsi_change_param_value()") left out applying one chunk of the fix in
iscsi_login_non_zero_tsih_s2(). Add the missing chunk.
Signed-off-by: Roland Dreier <[email protected]>
---
drivers/target/iscsi/iscsi_target_login.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/drivers/target/iscsi/iscsi_target_login.c
b/drivers/target/iscsi/iscsi_target_login.c
index 0d6c3dd25679..e14e105acff8 100644
--- a/drivers/target/iscsi/iscsi_target_login.c
+++ b/drivers/target/iscsi/iscsi_target_login.c
@@ -597,13 +597,8 @@ static int iscsi_login_non_zero_tsih_s2(
*
* In our case, we have already located the struct iscsi_tiqn at this
point.
*/
- memset(buf, 0, 32);
- sprintf(buf, "TargetPortalGroupTag=%hu", ISCSI_TPG_S(sess)->tpgt);
- if (iscsi_change_param_value(buf, conn->param_list, 0) < 0) {
- iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
- ISCSI_LOGIN_STATUS_NO_RESOURCES);
+ if (iscsi_change_param_sprintf(conn, "TargetPortalGroupTag=%hu",
sess->tpg->tpgt))
return -1;
- }
return iscsi_login_disable_FIM_keys(conn->param_list, conn);
}
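Review bot: the failure path at the added `if (iscsi_change_param_sprintf(...)) return -1;` no longer calls iscsit_tx_login_rsp() with ISCSI_STATUS_CLS_TARGET_ERR / ISCSI_LOGIN_STATUS_NO_RESOURCES, so please confirm that the helper as it exists in 3.10 after d5c55fa31a29 sends the login response itself, and say so in the commit message; otherwise a failed parameter update would return -1 with no status sent from this function. The same line switches from `ISCSI_TPG_S(sess)->tpgt` to `sess->tpg->tpgt`, which is worth a compile check against the 3.10 tree. As shown here the patch is also line-wrapped (the `diff --git` header, the context comment and the added `if` line each span two lines), so it may not apply as posted; resending it unwrapped would avoid a hand fix-up.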
--
2.0.0
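The pattern the mail describes, as an added user-space C example that is not part of the original message or of the kernel source: formatting the key into the caller's buffer overwrites whatever the caller still holds there, while a helper with its own bounded scratch buffer leaves it alone and rejects truncated output. The `demo_*` helpers, `TMP_LEN`, and the sample payload are assumptions made for this sketch.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define TMP_LEN 64                /* assumed scratch size for this sketch */
static char applied[TMP_LEN];     /* last key=value the stand-in accepted */

/* Hypothetical stand-in for the parameter-list update. */
static int demo_change_param_value(const char *kv)
{
	if (!strchr(kv, '='))
		return -1;
	snprintf(applied, sizeof(applied), "%s", kv);
	return 0;
}

/* Old pattern: the caller's buffer doubles as scratch space. */
static int demo_set_tpgt_old(char *buf, unsigned short tpgt)
{
	memset(buf, 0, 32);
	sprintf(buf, "TargetPortalGroupTag=%hu", tpgt);
	return demo_change_param_value(buf);
}

/* Fixed pattern: private bounded buffer, truncation is an error. */
static int demo_change_param_sprintf(const char *fmt, ...)
{
	char tmp[TMP_LEN];
	va_list ap;
	int n;
	va_start(ap, fmt);
	n = vsnprintf(tmp, sizeof(tmp), fmt, ap);
	va_end(ap);
	if (n < 0 || (size_t)n >= sizeof(tmp))
		return -1;
	return demo_change_param_value(tmp);
}

/* Returns 1 if the caller's data survived the call, 0 if overwritten. */
static int caller_data_intact(int use_fixed)
{
	char payload[64] = "InitiatorName=iqn.2014-06.example:host1"; /* constructed */
	char before[64];
	memcpy(before, payload, sizeof(before));
	if (use_fixed)
		demo_change_param_sprintf("TargetPortalGroupTag=%hu", 1);
	else
		demo_set_tpgt_old(payload, 1);
	return memcmp(before, payload, sizeof(before)) == 0;
}
```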