Please sign in to comment.
iscsi-target: fix heap buffer overflow on error
If a key was larger than 64 bytes, as checked by iscsi_check_key(), the error response packet, generated by iscsi_add_notunderstood_response(), would still attempt to copy the entire key into the packet, overflowing the structure on the heap. Remote preauthentication kernel memory corruption was possible if a target was configured and listening on the network. CVE-2013-2850 Signed-off-by: Kees Cook <email@example.com> Cc: firstname.lastname@example.org Signed-off-by: Nicholas Bellinger <email@example.com>
- Loading branch information...
Showing with 6 additions and 6 deletions.