From bbcbb04329e75fc91e2d9dc015fbb0efc7dd2ddd Mon Sep 17 00:00:00 2001 From: openEuler Buildteam Date: Sat, 9 Nov 2019 02:41:28 -0500 Subject: [PATCH] iscsi-iname -p xxxx resulting in buffer overflow if the name is longer than 256 characters, when exec iscsi-iname -p name. occur buffer overflow such as follow: iscsi-iname -p aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa *** buffer overflow detected ***: iscsi-iname terminated Aborted (core dumped) --- utils/iscsi-iname.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff -Nur a/utils/iscsi-iname.c b/utils/iscsi-iname.c --- a/utils/iscsi-iname.c 2019-12-23 08:00:50.000000000 +0000 +++ b/utils/iscsi-iname.c 2019-12-23 08:05:09.000000000 +0000 @@ -50,6 +50,9 @@ int e; int fd; char *prefix; + char *prefix_node = ":node"; + char *buffer = NULL; + int reserved_len; /* initialize */ memset(iname, 0, sizeof (iname)); @@ -76,6 +79,13 @@ prefix = "iqn.2012-01.com.openeuler"; } + if (strlen(prefix) >= (sizeof(iname) - strlen(prefix_node))) { + printf("\nInput a unique iSCSI node name error. " + "The maximum length is less than %lu\n", + sizeof(iname) - strlen(prefix_node)); + exit(0); + } + /* try to feed some entropy from the pool to MD5 in order to get * uniqueness properties */ @@ -132,8 +142,10 @@ } /* print the prefix followed by 6 bytes of the MD5 hash */ - sprintf(iname, "%s:node", prefix); - + buffer = iname; + reserved_len = strlen(prefix_node); + snprintf(buffer, sizeof(iname) - reserved_len, "%s", prefix); + strncat(buffer, prefix_node, reserved_len); iname[sizeof (iname) - 1] = '\0'; printf("%s\n", iname);