Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2019-02-22 20:29:19 +0100
committerTakashi Iwai <tiwai@suse.de>2019-02-22 20:29:21 +0100
commita9adc26953c13d1754e6f68bfa360ca6a67c2c13 (patch)
tree2ed4991caa66a9561444ee4616986110706550cc
parent7bc87d8a0e1978d7632752cf48286edda67c7085 (diff)
scsi: target: iscsi: Use bin2hex instead of a re-implementation
(bsc#1107829 CVE-2018-14633).
-rw-r--r--patches.drivers/scsi-target-iscsi-use-bin2hex-instead-of-a-re-implementation60
-rw-r--r--series.conf1
2 files changed, 61 insertions, 0 deletions
diff --git a/patches.drivers/scsi-target-iscsi-use-bin2hex-instead-of-a-re-implementation b/patches.drivers/scsi-target-iscsi-use-bin2hex-instead-of-a-re-implementation
new file mode 100644
index 0000000000..b2a175f921
--- /dev/null
+++ b/patches.drivers/scsi-target-iscsi-use-bin2hex-instead-of-a-re-implementation
@@ -0,0 +1,60 @@
+From: Vincent Pelletier <plr.vincent@gmail.com>
+Date: Sun, 9 Sep 2018 04:09:27 +0000
+Subject: scsi: target: iscsi: Use bin2hex instead of a re-implementation
+Git-commit: 8c39e2699f8acb2e29782a834e56306da24937fe
+Patch-mainline: v4.19-rc6
+References: bsc#1107829 CVE-2018-14633
+
+Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
+Reviewed-by: Mike Christie <mchristi@redhat.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Acked-by: Lee Duncan <lduncan@suse.com>
+---
+ drivers/target/iscsi/iscsi_target_auth.c | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+--- a/drivers/target/iscsi/iscsi_target_auth.c
++++ b/drivers/target/iscsi/iscsi_target_auth.c
+@@ -26,15 +26,6 @@
+ #include "iscsi_target_nego.h"
+ #include "iscsi_target_auth.h"
+
+-static void chap_binaryhex_to_asciihex(char *dst, char *src, int src_len)
+-{
+- int i;
+-
+- for (i = 0; i < src_len; i++) {
+- sprintf(&dst[i*2], "%02x", (int) src[i] & 0xff);
+- }
+-}
+-
+ static void chap_gen_challenge(
+ struct iscsi_conn *conn,
+ int caller,
+@@ -47,7 +38,7 @@ static void chap_gen_challenge(
+ memset(challenge_asciihex, 0, CHAP_CHALLENGE_LENGTH * 2 + 1);
+
+ get_random_bytes(chap->challenge, CHAP_CHALLENGE_LENGTH);
+- chap_binaryhex_to_asciihex(challenge_asciihex, chap->challenge,
++ bin2hex(challenge_asciihex, chap->challenge,
+ CHAP_CHALLENGE_LENGTH);
+ /*
+ * Set CHAP_C, and copy the generated challenge into c_str.
+@@ -281,7 +272,7 @@ static int chap_server_compute_md5(
+ goto out;
+ }
+
+- chap_binaryhex_to_asciihex(response, server_digest, MD5_SIGNATURE_SIZE);
++ bin2hex(response, server_digest, MD5_SIGNATURE_SIZE);
+ pr_debug("[server] MD5 Server Digest: %s\n", response);
+
+ if (memcmp(server_digest, client_digest, MD5_SIGNATURE_SIZE) != 0) {
+@@ -403,7 +394,7 @@ static int chap_server_compute_md5(
+ /*
+ * Convert response from binary hex to ascii hext.
+ */
+- chap_binaryhex_to_asciihex(response, digest, MD5_SIGNATURE_SIZE);
++ bin2hex(response, digest, MD5_SIGNATURE_SIZE);
+ *nr_out_len += sprintf(nr_out_ptr + *nr_out_len, "CHAP_R=0x%s",
+ response);
+ *nr_out_len += 1;
diff --git a/series.conf b/series.conf
index dc1f8659cc..d725ae8d3c 100644
--- a/series.conf
+++ b/series.conf
@@ -6367,6 +6367,7 @@
patches.fixes/Bluetooth-hidp-buffer-overflow-in-hidp_process_repor.patch
patches.fixes/hfsplus-fix-null-dereference-in-hfsplus_lookup.patch
patches.drivers/scsi-target-iscsi-use-hex2bin-instead-of-a-re-implementation
+ patches.drivers/scsi-target-iscsi-use-bin2hex-instead-of-a-re-implementation
patches.arch/powerpc-Avoid-code-patching-freed-init-sections.patch
patches.arch/powerpc-tm-Fix-userspace-r13-corruption.patch
patches.arch/powerpc-tm-Avoid-possible-userspace-r1-corruption-on.patch