Gitiles
Code Review Sign In
android-review.linaro.org / kernel / hikey-linaro / cea4dcfdad926a27a18e188720efe0f2c9403456
commitcea4dcfdad926a27a18e188720efe0f2c9403456[log] [tgz]
authorKees Cook <keescook@chromium.org>Thu May 23 10:32:17 2013 -0700
committerNicholas Bellinger <nab@linux-iscsi.org>Thu May 30 18:07:54 2013 -0700
tree7ae6fd132bbd1e7cd888dcaae6946cecfd20a2e1
parent21363ca873334391992f2f424856aa864345bb61 [diff]
iscsi-target: fix heap buffer overflow on error

If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
error response packet, generated by iscsi_add_notunderstood_response(),
would still attempt to copy the entire key into the packet, overflowing
the structure on the heap.

Remote preauthentication kernel memory corruption was possible if a
target was configured and listening on the network.

CVE-2013-2850

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2 files changed
tree: 7ae6fd132bbd1e7cd888dcaae6946cecfd20a2e1
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS