Hi Nic/Greg,

Sorry for not paying close enough attention when this went by, but it looks like the backport of commit 79d59d08082d ("iscsi-target: Fix wrong buffer / buffer overrun in iscsi_change_param_value()") to 3.10, namely commit d5c55fa31a29, is incorrect. In particular, the upstream version of iscsi_target_login.c has the following code, brought in by 79d59d08082d:

    static int iscsi_login_non_zero_tsih_s2(
            struct iscsi_conn *conn,
            unsigned char *buf)
    {
            ...
            if (iscsi_change_param_sprintf(conn, "TargetPortalGroupTag=%hu", sess->tpg->tpgt))
                    return -1;

while the 3.10.45 / d5c55fa31a29 version still has:

    static int iscsi_login_non_zero_tsih_s2(
            struct iscsi_conn *conn,
            unsigned char *buf)
    {
            ...
            memset(buf, 0, 32);
            sprintf(buf, "TargetPortalGroupTag=%hu", ISCSI_TPG_S(sess)->tpgt);
            if (iscsi_change_param_value(buf, conn->param_list, 0) < 0) {
                    iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
                                    ISCSI_LOGIN_STATUS_NO_RESOURCES);
                    return -1;
            }

which still has the bug of using the "buf" parameter as a temporary buffer.

So I think we want the patch below applied to 3.10. I checked the 3.14 tree and it looks OK.

---------- >8 ----------
>From a0d940800b9161a6cbe57044d4a425d61f38d101 Mon Sep 17 00:00:00 2001
From: Roland Dreier <roland@xxxxxxxxxxxxxxx>
Date: Mon, 30 Jun 2014 06:55:49 -0700
Subject: [PATCH] iscsi-target: Re-add chunk from backport of upstream 79d59d08082d to 3.10

Commit d5c55fa31a29, the backport of upstream 79d59d08082d ("iscsi-target: Fix wrong buffer / buffer overrun in iscsi_change_param_value()") left out applying one chunk of the fix in iscsi_login_non_zero_tsih_s2(). Add the missing chunk.

Signed-off-by: Roland Dreier <roland@xxxxxxxxxxxxxxx>
---
 drivers/target/iscsi/iscsi_target_login.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c
index 0d6c3dd25679..e14e105acff8 100644
--- a/drivers/target/iscsi/iscsi_target_login.c
+++ b/drivers/target/iscsi/iscsi_target_login.c @@ -597,13 +597,8 @@ static int iscsi_login_non_zero_tsih_s2( * * In our case, we have already located the struct iscsi_tiqn at this point. */ - memset(buf, 0, 32); - sprintf(buf, "TargetPortalGroupTag=%hu", ISCSI_TPG_S(sess)->tpgt); - if (iscsi_change_param_value(buf, conn->param_list, 0) < 0) { - iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, - ISCSI_LOGIN_STATUS_NO_RESOURCES); + if (iscsi_change_param_sprintf(conn, "TargetPortalGroupTag=%hu", sess->tpg->tpgt)) return -1; - } return iscsi_login_disable_FIM_keys(conn->param_list, conn); } -- 2.0.0
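
Review bot: The removed error branch sent a login response, `iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_NO_RESOURCES)`, before returning -1, while the added `if (iscsi_change_param_sprintf(...)) return -1;` only returns. The commit message should say that the 3.10 copy of iscsi_change_param_sprintf() sends that response itself on failure, since nothing in this hunk shows it and without it the initiator would get no login reject on this path. The added line also replaces `ISCSI_TPG_S(sess)->tpgt` with `sess->tpg->tpgt`; please confirm both name the same field in the 3.10 tree, or keep the macro so the backport matches the surrounding 3.10 code.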
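
The difference between the two code shapes quoted in the message, as an added userspace sketch that is not kernel code and not part of the original mail. `struct param_list`, `change_param_value`, `set_tag_clobbering`, `payload_intact` and the sample payload are hypothetical; `change_param_sprintf` borrows only the name of the kernel helper and takes different arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for conn->param_list and iscsi_change_param_value(). */
struct param_list { char value[32]; };
static int change_param_value(const char *kv, struct param_list *pl)
{
	const char *eq = strchr(kv, '=');
	if (!eq || eq == kv || strlen(eq + 1) >= sizeof(pl->value))
		return -1;
	strcpy(pl->value, eq + 1);
	return 0;
}

/* Old pattern: the caller's buffer doubles as scratch space. */
static int set_tag_clobbering(char *buf, struct param_list *pl, unsigned short tpgt)
{
	memset(buf, 0, 32);	/* silently assumes buf holds at least 32 bytes */
	sprintf(buf, "TargetPortalGroupTag=%hu", tpgt);	/* write is not bounded */
	return change_param_value(buf, pl);
}

/* Helper pattern: private bounded scratch buffer; truncation is a failure. */
static int change_param_sprintf(struct param_list *pl, const char *fmt, ...)
{
	char tmp[64];
	va_list ap;

	va_start(ap, fmt);
	int n = vsnprintf(tmp, sizeof(tmp), fmt, ap);
	va_end(ap);
	if (n < 0 || (size_t)n >= sizeof(tmp))
		return -1;
	return change_param_value(tmp, pl);
}

/* Returns 1 when a constructed login payload survives setting the tag. */
static int payload_intact(int use_helper)
{
	char req[64] = "InitiatorName=iqn.2014-06.example:host";	/* constructed */
	struct param_list pl = { "" };
	int rc = use_helper ? change_param_sprintf(&pl, "TargetPortalGroupTag=%hu", 1)
			    : set_tag_clobbering(req, &pl, 1);
	return rc == 0 && !strcmp(pl.value, "1") && !strncmp(req, "InitiatorName=", 14);
}

int main(void)
{
	return !(payload_intact(1) && !payload_intact(0));	/* exit 0 when both hold */
}
```

Both variants set the parameter; only the helper leaves the caller's payload untouched, and it rejects formatted output that does not fit its scratch buffer.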