Hi Tejas,
On Mon, 2014-06-09 at 15:05 +0530, Tejas Vaykole wrote:
> Hi,
> when i am sending a login request with empty CHAP_I value that is
> ,"CHAP_I=" i am expecting the login reject.
> However,The target accepts the request and sends back the response.
> i have attached the pcap for the same.
>
> My machine details:
> [root ~]#uname -a
> Linux root 3.15.0-rc3+ #1 SMP Mon 19 17:35:27 IST 2014 x86_64 x86_64
> x86_64 GNU/Linux
>
So the 'CHAP_I=' is getting converted to '0' here by simple_strtoul() in
iscsi_target_auth.c:chap_server_compute_md5() code.
Applying the following patch to use kstrtoul() instead, which generates
a -EINVAL and fails the login attempt when 'CHAP_I=' with no value is
received from the initiator.
Please confirm on your end.
Thanks,
--nab
diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
index 19b842c..9430eea 100644
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -174,7 +174,6 @@ static int chap_server_compute_md5(
char *nr_out_ptr,
unsigned int *nr_out_len)
{
- char *endptr;
unsigned long id;
unsigned char id_as_uchar;
unsigned char digest[MD5_SIGNATURE_SIZE];
@@ -320,9 +319,14 @@ static int chap_server_compute_md5(
}
if (type == HEX)
- id = simple_strtoul(&identifier[2], &endptr, 0);
+ ret = kstrtoul(&identifier[2], 0, &id);
else
- id = simple_strtoul(identifier, &endptr, 0);
+ ret = kstrtoul(identifier, 0, &id);
+
+ if (ret < 0) {
+ pr_err("kstrtoul() failed for CHAP identifier: %d\n", ret);
+ goto out;
+ }
if (id > 255) {
pr_err("chap identifier: %lu greater than 255\n", id);
goto out;
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
