iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/target
History
Kees Cook cea4dcfdad iscsi-target: fix heap buffer overflow on error 
If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
error response packet, generated by iscsi_add_notunderstood_response(),
would still attempt to copy the entire key into the packet, overflowing
the structure on the heap.

Remote preauthentication kernel memory corruption was possible if a
target was configured and listening on the network.

CVE-2013-2850

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-30 18:07:54 -07:00
..
iscsi
iscsi-target: fix heap buffer overflow on error
2013-05-30 18:07:54 -07:00
loopback
tcm: switch to ->show_info()
2013-04-09 14:13:19 -04:00
sbp
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
2013-03-02 11:43:27 -08:00
tcm_fc
tcm_fc: Check for aborted sequence
2013-04-25 01:05:28 -07:00
Kconfig
sbp-target: Initial merge of firewire/ieee-1394 target mode support
2012-05-09 15:25:17 -07:00
Makefile
target: move code for CDB emulation
2012-07-16 17:27:45 -07:00
target_core_alua.c
target: Fix incorrect fallthrough of ALUA Standby/Offline/Transition CDBs
2013-04-11 01:48:49 -07:00
target_core_alua.h
target: pass sense_reason as a return value
2012-11-06 20:55:46 -08:00
target_core_configfs.c
target: Have dev/enable show if TCM device is configured
2013-05-03 16:46:02 -07:00
target_core_device.c
target: Remove unused struct members in se_dev_entry
2013-05-03 16:42:18 -07:00
target_core_fabric_configfs.c
target: Add missing mapped_lun bounds checking during make_mappedlun setup
2013-02-18 18:47:28 -08:00
target_core_fabric_lib.c
target: Update copyright information to 2012
2012-11-27 22:47:02 -08:00
target_core_file.c
target/file: Fix off-by-one READ_CAPACITY bug for !S_ISBLK export
2013-05-30 17:46:27 -07:00
target_core_file.h
target/file: Bump FD_MAX_SECTORS to 2048 to handle 1M sized I/Os
2013-03-19 17:24:28 -07:00
target_core_hba.c
target: Update copyright information to 2012
2012-11-27 22:47:02 -08:00
target_core_iblock.c
target/iblock: Fix WCE=1 + DPOFUA=1 backend WRITE regression
2013-05-15 01:46:34 -07:00
target_core_iblock.h
target: kill struct se_subsystem_dev
2012-11-06 20:55:43 -08:00
target_core_internal.h
target: Remove unused struct members in se_dev_entry
2013-05-03 16:42:18 -07:00
target_core_pr.c
target: writev() on single-element vector is pointless
2013-02-26 02:46:11 -05:00
target_core_pr.h
target: pass sense_reason as a return value
2012-11-06 20:55:46 -08:00
target_core_pscsi.c
target/pscsi: Reject cross page boundary case in pscsi_map_sg
2013-03-19 17:31:14 -07:00
target_core_pscsi.h
target: kill struct se_subsystem_dev
2012-11-06 20:55:43 -08:00
target_core_rd.c
target/rd: Add ramdisk bit for NULLIO operation
2013-05-11 16:22:39 -07:00
target_core_rd.h
target/rd: Add ramdisk bit for NULLIO operation
2013-05-11 16:22:39 -07:00
target_core_sbc.c
target: Add sbc_execute_unmap() helper
2013-04-25 01:05:24 -07:00
target_core_spc.c
target: Fix parameter list length checking in MODE SELECT
2013-02-13 12:16:11 -08:00
target_core_stat.c
target: Update copyright information to 2012
2012-11-27 22:47:02 -08:00
target_core_tmr.c
target: Remove useless if statement
2013-02-13 11:27:22 -08:00
target_core_tpg.c
target: fix possible memory leak in core_tpg_register()
2013-03-18 12:45:52 -07:00
target_core_transport.c
target: Re-instate sess_wait_list for target_wait_for_sess_cmds
2013-05-29 21:30:33 -07:00
target_core_ua.c
target: Update copyright information to 2012
2012-11-27 22:47:02 -08:00
target_core_ua.h
target: pass sense_reason as a return value
2012-11-06 20:55:46 -08:00