lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 9 Aug 2012 12:49:58 -0500
From:	Michael Christie <michaelc@...wisc.edu>
To:	open-iscsi@...glegroups.com
Cc:	manish.rangankar@...gic.com, linux-kernel@...r.kernel.org
Subject: Re: [SCSI] qla4xxx: support iscsiadm session mgmt


On Aug 8, 2012, at 11:57 AM, Dan Carpenter <dan.carpenter@...cle.com> wrote:

> On Wed, Aug 08, 2012 at 10:35:44AM -0500, Mike Christie wrote:
>> On 08/08/2012 10:00 AM, Dan Carpenter wrote:
>>> I never heard back on this.  This buffer overflow is still present
>>> in the current code.
>>> 
>> 
>> Qlogic just sent a patch yesterday.
>> http://marc.info/?l=linux-scsi&m=134434199930938&w=2
> 
> Ah, good.
> 
> It seems like qla4xxx_ep_connect() should take a pointer to struct
> sockaddr_storage and also dst_addr in qla4xxx_get_ep_fwdb() should
> be changed as well.  As in:
> 
> static struct iscsi_endpoint *
> -qla4xxx_ep_connect(struct Scsi_Host *shost, struct sockaddr *dst_addr,
> +qla4xxx_ep_connect(struct Scsi_Host *shost, struct sockaddr_storage *dst_addr,
>                    int non_blocking)


Do you mean that should be done to fix a bug or to just make it nicer? I think it will not be a issue bug wise, because it ends up getting cast to the proper struct in the end and the proper size to copy is detected. What actually gets passed that function above is not a struct sockaddr_storage. It is a sockaddr_in or socaddr_in6. It depends on if it is ipv6 or not.

If you are just saying it would be nicer to be consistent in the struct used then it is a larger change that I think should be done in another patch. It will affect other drivers.--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ