On Thu, 2014-05-29 at 13:32 -0700, Roland Dreier wrote: > From: Roland Dreier <roland@xxxxxxxxxxxxxxx> > > In non-leading connection login, iscsi_login_non_zero_tsih_s1() calls > iscsi_change_param_value() with the buffer it uses to hold the login > PDU, not a temporary buffer. This leads to the login header getting > corrupted and login failing for non-leading connections in MC/S. > > Fix this by adding a wrapper iscsi_change_param_sprintf() that handles > the temporary buffer itself to avoid confusion. Also handle sending a > reject in case of failure in the wrapper, which lets the calling code > get quite a bit smaller and easier to read. > > Finally, bump the size of the temporary buffer from 32 to 64 bytes to be > safe, since "MaxRecvDataSegmentLength=" by itself is 25 bytes; with a > trailing NUL, a value >= 1M will lead to a buffer overrun. (This isn't > the default but we don't need to run right at the ragged edge here) > > Reported-by: Santosh Kulkarni <santosh.kulkarni@xxxxxxxxxxxxxx> > Signed-off-by: Roland Dreier <roland@xxxxxxxxxxxxxxx> > --- > drivers/target/iscsi/iscsi_target_login.c | 70 ++++++++++++++----------------- > 1 file changed, 31 insertions(+), 39 deletions(-) > Applied with a CC' to v3.10.y stable. Thanks Roland! --nab -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
