Re: Invalid CHAP_C value

Hi Rahul,

On Mon, 2014-06-09 at 17:15 +0530, rahul.rane wrote:
> Hi,
> RFC 3720 Clause 11.1.4 says that the iSCSI target is expected to send a 
> Login reject when it receives the CHAP_C binary length value greater 
> than 1024 bytes.
> 
> However, I find that LIO is accepting the CHAP_C of binary length 
> exceeding 1024 bytes and sends a Login success which is an error. I am 
> sending CHAP_C value of binary length 2064 hex digits which is greater 
> than 1024 bytes.
> 
> Please find the attachment for pcap.
> 
> RFC 3720 Clause 11.1.4
> ----------<snip>-----------
> C and R are large-binary-values and their binary length (not the length of
> the character string that represents them in encoded form) MUST not
> exceed 1024 bytes.
> ----------<snip>-----------
> 

Applying the following patch to enforce 1024 bytes of binary data for
CHAP_C.

Please confirm on your end.

Thank you,

--nab

diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
index 9430eea..59cd242 100644
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -355,6 +355,10 @@ static int chap_server_compute_md5(
 		pr_err("Unable to convert incoming challenge\n");
 		goto out;
 	}
+	if (challenge_len > 1024) {
+		pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n");
+		goto out;
+	}
 	/*
 	 * During mutual authentication, the CHAP_C generated by the
 	 * initiator must not match the original CHAP_C generated by
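
Review bot: the new "challenge_len > 1024" test sits after the "Unable to convert incoming challenge" branch, so an oversized CHAP_C has already been decoded by the time its length is rejected. The visible lines do not show how the destination buffer for that conversion is sized, so please confirm the conversion cannot write past it for a 2064-hex-digit input like the one reported, or bound the encoded length before converting. The literal 1024 would also be clearer as a named constant with a comment citing RFC 3720 clause 11.1.4, and since that clause limits both C and R, the same bound may be wanted where CHAP_R is decoded.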
