Re: [PATCH 1/1] libiscsi: fix potential buffer overrun in __iscsi_conn_send_pdu

On 9/3/2014 8:00 AM, micha...@cs.wisc.edu wrote: From: Mike Christie micha...@cs.wisc.edu This patches fixes a potential buffer overrun in __iscsi_conn_send_pdu. This function is used by iscsi drivers and userspace to send iscsi PDUs/ commands. For login commands, we have a set buffer size

[PATCH 1/1] libiscsi: fix potential buffer overrun in __iscsi_conn_send_pdu

From: Mike Christie micha...@cs.wisc.edu This patches fixes a potential buffer overrun in __iscsi_conn_send_pdu. This function is used by iscsi drivers and userspace to send iscsi PDUs/ commands. For login commands, we have a set buffer size. For all other commands we do not support data buffers

Re: potential buffer overrun in __iscsi_conn_send_pdu()

I never heard back on this. It still looks like a very serious bug with security implications etc. regards, dan carpenter On Mon, Jun 24, 2013 at 06:46:31PM +0300, Dan Carpenter wrote: My static checker complains about a possible array overflow in __iscsi_conn_send_pdu().

Re: potential buffer overrun in __iscsi_conn_send_pdu()

On 9/1/14, 1:06 PM, Dan Carpenter wrote: I never heard back on this. It still looks like a very serious bug with security implications etc. Sorry about that. I must have missed the original. You are right. I should have a tested patch by tomorrow. regards, dan carpenter On Mon, Jun 24,

potential buffer overrun in __iscsi_conn_send_pdu()

My static checker complains about a possible array overflow in __iscsi_conn_send_pdu(). drivers/scsi/libiscsi.c 743 if (data_size) { 744 memcpy(task-data, data, data_size); 745 task-data_count = data_size; 746 } else 747