iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cea4dcfdad
linux/drivers/target
History
Kees Cook cea4dcfdad iscsi-target: fix heap buffer overflow on error 
If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
error response packet, generated by iscsi_add_notunderstood_response(),
would still attempt to copy the entire key into the packet, overflowing
the structure on the heap.

Remote preauthentication kernel memory corruption was possible if a
target was configured and listening on the network.

CVE-2013-2850

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-30 18:07:54 -07:00
..
iscsi iscsi-target: fix heap buffer overflow on error 2013-05-30 18:07:54 -07:00
loopback tcm: switch to ->show_info() 2013-04-09 14:13:19 -04:00
sbp Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2013-03-02 11:43:27 -08:00
tcm_fc tcm_fc: Check for aborted sequence 2013-04-25 01:05:28 -07:00
Kconfig sbp-target: Initial merge of firewire/ieee-1394 target mode support 2012-05-09 15:25:17 -07:00
Makefile target: move code for CDB emulation 2012-07-16 17:27:45 -07:00
target_core_alua.c target: Fix incorrect fallthrough of ALUA Standby/Offline/Transition CDBs 2013-04-11 01:48:49 -07:00
target_core_alua.h target: pass sense_reason as a return value 2012-11-06 20:55:46 -08:00
target_core_configfs.c target: Have dev/enable show if TCM device is configured 2013-05-03 16:46:02 -07:00
target_core_device.c target: Remove unused struct members in se_dev_entry 2013-05-03 16:42:18 -07:00
target_core_fabric_configfs.c target: Add missing mapped_lun bounds checking during make_mappedlun setup 2013-02-18 18:47:28 -08:00
target_core_fabric_lib.c target: Update copyright information to 2012 2012-11-27 22:47:02 -08:00
target_core_file.c target/file: Fix off-by-one READ_CAPACITY bug for !S_ISBLK export 2013-05-30 17:46:27 -07:00
target_core_file.h target/file: Bump FD_MAX_SECTORS to 2048 to handle 1M sized I/Os 2013-03-19 17:24:28 -07:00
target_core_hba.c target: Update copyright information to 2012 2012-11-27 22:47:02 -08:00
target_core_iblock.c target/iblock: Fix WCE=1 + DPOFUA=1 backend WRITE regression 2013-05-15 01:46:34 -07:00
target_core_iblock.h target: kill struct se_subsystem_dev 2012-11-06 20:55:43 -08:00
target_core_internal.h target: Remove unused struct members in se_dev_entry 2013-05-03 16:42:18 -07:00
target_core_pr.c target: writev() on single-element vector is pointless 2013-02-26 02:46:11 -05:00
target_core_pr.h target: pass sense_reason as a return value 2012-11-06 20:55:46 -08:00
target_core_pscsi.c target/pscsi: Reject cross page boundary case in pscsi_map_sg 2013-03-19 17:31:14 -07:00
target_core_pscsi.h target: kill struct se_subsystem_dev 2012-11-06 20:55:43 -08:00
target_core_rd.c target/rd: Add ramdisk bit for NULLIO operation 2013-05-11 16:22:39 -07:00
target_core_rd.h target/rd: Add ramdisk bit for NULLIO operation 2013-05-11 16:22:39 -07:00
target_core_sbc.c target: Add sbc_execute_unmap() helper 2013-04-25 01:05:24 -07:00
target_core_spc.c target: Fix parameter list length checking in MODE SELECT 2013-02-13 12:16:11 -08:00
target_core_stat.c target: Update copyright information to 2012 2012-11-27 22:47:02 -08:00
target_core_tmr.c target: Remove useless if statement 2013-02-13 11:27:22 -08:00
target_core_tpg.c target: fix possible memory leak in core_tpg_register() 2013-03-18 12:45:52 -07:00
target_core_transport.c target: Re-instate sess_wait_list for target_wait_for_sess_cmds 2013-05-29 21:30:33 -07:00
target_core_ua.c target: Update copyright information to 2012 2012-11-27 22:47:02 -08:00
target_core_ua.h target: pass sense_reason as a return value 2012-11-06 20:55:46 -08:00