diff --git a/.gitignore b/.gitignore index 28a1522..f7dbc2f 100644 --- a/.gitignore +++ b/.gitignore @@ -50,3 +50,5 @@ TAGS /utils/iscsi-readcapacity16 /utils/iscsi-swp /libiscsi.pc +/.cproject +/.project diff --git a/include/iscsi-private.h b/include/iscsi-private.h index 77425b0..4e1c71c 100644 --- a/include/iscsi-private.h +++ b/include/iscsi-private.h @@ -63,6 +63,9 @@ void iscsi_free_iscsi_inqueue(struct iscsi_context *iscsi, struct iscsi_in_pdu * /* size of chap response field */ #define CHAP_R_SIZE 16 +/* max length of chap challange */ +#define MAX_CHAP_C_LENGTH 2048 + struct iscsi_context { char initiator_name[MAX_STRING_SIZE+1]; char target_name[MAX_STRING_SIZE+1]; @@ -74,7 +77,7 @@ struct iscsi_context { char user[MAX_STRING_SIZE+1]; char passwd[MAX_STRING_SIZE+1]; - char chap_c[MAX_STRING_SIZE+1]; + char chap_c[MAX_CHAP_C_LENGTH+1]; char target_user[MAX_STRING_SIZE+1]; char target_passwd[MAX_STRING_SIZE+1]; diff --git a/lib/login.c b/lib/login.c index 72ceaf9..17825ca 100644 --- a/lib/login.c +++ b/lib/login.c @@ -695,6 +695,7 @@ iscsi_login_add_chap_response(struct iscsi_context *iscsi, struct iscsi_pdu *pdu return -1; } } + c = 0; if (iscsi_pdu_add_data(iscsi, pdu, &c, 1) != 0) { iscsi_set_error(iscsi, "Out-of-memory: pdu add data " @@ -1153,7 +1154,15 @@ iscsi_process_login_reply(struct iscsi_context *iscsi, struct iscsi_pdu *pdu, } if (!strncmp(ptr, "CHAP_C=0x", 9)) { - strncpy(iscsi->chap_c,ptr+9,MAX_STRING_SIZE); + if (len-9 > MAX_CHAP_C_LENGTH) { + iscsi_set_error(iscsi, "Wrong length of CHAP_C received from" + " target (%d, max: %d)", len-9, MAX_CHAP_C_LENGTH); + pdu->callback(iscsi, SCSI_STATUS_ERROR, NULL, + pdu->private_data); + return 0; + } + *iscsi->chap_c = '\0'; + strncat(iscsi->chap_c,ptr+9,len-9); iscsi->secneg_phase = ISCSI_LOGIN_SECNEG_PHASE_SEND_RESPONSE; } diff --git a/tests/.gitignore b/tests/.gitignore new file mode 100644 index 0000000..2e9c72d --- /dev/null +++ b/tests/.gitignore 
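Review bot: The comment on `MAX_CHAP_C_LENGTH` in include/iscsi-private.h does not say what unit the limit is in, and "challange" is misspelled. The check added in lib/login.c compares the constant with `len-9`, which appears to be the number of characters following `CHAP_C=0x`, so the limit counts hex digits rather than decoded bytes. The `chap_c[MAX_CHAP_C_LENGTH+1]` array in the next hunk relies on the same reading. Suggested wording: `/* max length of the CHAP challenge as received, in hex digits after the "0x" prefix */`.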
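Review bot: The new CHAP_C branch in iscsi_process_login_reply bounds the length of the target-supplied challenge but still stores it without checking that it is a non-empty, even number of hex digits. The code that later decodes `iscsi->chap_c` is not in this diff; if it consumes two characters per byte, an odd-length or non-hex value could be mis-decoded or read past the terminator, so it is safer to reject it here on the same error path with something like `if ((len-9) % 2 != 0 || strspn(ptr+9, "0123456789abcdefABCDEF") != (size_t)(len-9))`. The declaration of `len` is also outside the hunk: if it is not an `int`, the `%d` in the new `iscsi_set_error` call needs a matching specifier or a cast. With the bound already checked, `memcpy(iscsi->chap_c, ptr+9, len-9); iscsi->chap_c[len-9] = '\0';` states the copy more directly than clearing the buffer and calling `strncat`. The function body starts and ends outside the hunk.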
@@ -0,0 +1,4 @@
+/prog_noop_reply
+/prog_reconnect
+/prog_reconnect_timeout
+/prog_timeout