aboutsummaryrefslogtreecommitdiff
path: root/drivers/xen
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2013-05-23 10:32:17 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-06-07 12:49:29 -0700
commit7c12b0057706c0694c96c06a2988fed65c8c7515 (patch)
treef628b18c568df643b0ed89e8d8eb81ced39fb9bf /drivers/xen
parent6092ad5bbc7631f60be754f5013533c909eca733 (diff)
iscsi-target: fix heap buffer overflow on error
commit cea4dcfdad926a27a18e188720efe0f2c9403456 upstream. If a key was larger than 64 bytes, as checked by iscsi_check_key(), the error response packet, generated by iscsi_add_notunderstood_response(), would still attempt to copy the entire key into the packet, overflowing the structure on the heap. Remote preauthentication kernel memory corruption was possible if a target was configured and listening on the network. CVE-2013-2850 Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/xen')
0 files changed, 0 insertions, 0 deletions