diff options
author | Nicholas Bellinger <nab@linux-iscsi.org> | 2011-09-16 04:44:54 -0400 |
---|---|---|
committer | Nicholas Bellinger <nab@linux-iscsi.org> | 2011-09-16 15:37:18 -0400 |
commit | 2ff017f5b4299e24a7f22d9a336dd162bf52bb54 (patch) | |
tree | 71b896a42d7576dd751abf65adbf85f4a7726641 /drivers/target/iscsi/iscsi_target_parameters.c | |
parent | 784eb99ebad91db4c8c231c4b17f203147ab827b (diff) |
iscsi-target: Disable markers + remove dangerous local scope array usage
This patch makes iscsi-target explictly disable OFMarker=Yes and IFMarker=yes
parameter key usage during iscsi login by setting IFMarkInt_Reject and
OFMarkInt_Reject values in iscsi_enforce_integrity_rules() to effectively
disable iscsi marker usage. With this patch, an initiator proposer asking
to enable either marker parameter keys will be issued a 'No' response, and
the target sets OFMarkInt + IFMarkInt parameter key response to 'Irrelevant'.
With markers disabled during iscsi login, this patch removes the problematic
on-stack local-scope array for marker intervals in iscsit_do_rx_data() +
iscsit_do_tx_data(), and other related marker code in iscsi_target_util.c.
This fixes a potentional stack smashing scenario with small range markers
enabled and a large MRDSL as reported by DanC here:
[bug report] target: stack can be smashed
http://www.spinics.net/lists/target-devel/msg00453.html
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'drivers/target/iscsi/iscsi_target_parameters.c')
-rw-r--r-- | drivers/target/iscsi/iscsi_target_parameters.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c index 497b2e718a76..5b773160200f 100644 --- a/drivers/target/iscsi/iscsi_target_parameters.c +++ b/drivers/target/iscsi/iscsi_target_parameters.c | |||
@@ -1430,7 +1430,7 @@ static int iscsi_enforce_integrity_rules( | |||
1430 | u8 DataSequenceInOrder = 0; | 1430 | u8 DataSequenceInOrder = 0; |
1431 | u8 ErrorRecoveryLevel = 0, SessionType = 0; | 1431 | u8 ErrorRecoveryLevel = 0, SessionType = 0; |
1432 | u8 IFMarker = 0, OFMarker = 0; | 1432 | u8 IFMarker = 0, OFMarker = 0; |
1433 | u8 IFMarkInt_Reject = 0, OFMarkInt_Reject = 0; | 1433 | u8 IFMarkInt_Reject = 1, OFMarkInt_Reject = 1; |
1434 | u32 FirstBurstLength = 0, MaxBurstLength = 0; | 1434 | u32 FirstBurstLength = 0, MaxBurstLength = 0; |
1435 | struct iscsi_param *param = NULL; | 1435 | struct iscsi_param *param = NULL; |
1436 | 1436 | ||