From: Kees Cook <keescook@chromium.org>
Date: Thu, 23 May 2013 17:32:17 +0000 (-0700)
Subject: iscsi-target: fix heap buffer overflow on error
X-Git-Tag: v3.10-rc4~3^2~2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cea4dcfdad926a27a18e188720efe0f2c9403456;p=pandora-kernel.git

iscsi-target: fix heap buffer overflow on error

If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
error response packet, generated by iscsi_add_notunderstood_response(),
would still attempt to copy the entire key into the packet, overflowing
the structure on the heap.

Remote preauthentication kernel memory corruption was possible if a
target was configured and listening on the network.

CVE-2013-2850

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
---

Reading git-diff-tree failed