c74ab5ce6f
If a "raw" IPv6 address (denoted by a leading '[') is used as a target address, then 'arg' is incremented by one to skip over the '['. However, this meant that at the end of the function the wrong address was passed to free(). With malloc junking enabled and given suitably small strings, malloc() would happily overwrite the correct number of bytes with junk, but off by one byte overwriting the byte after the allocation. This manifested as the first byte of the 'HeaderDigest' key being overwritten causing the key name on the wire to be sent as '\x5eaderDigest' which the target rejected. Reported by: Jithesh Arakkan @ Chelsio Found with: ASAN (via WITH_ASAN=yes) Sponsored by: Chelsio Communications |
||
|---|---|---|
| .. | ||
| discovery.c | ||
| iscsid.8 | ||
| iscsid.c | ||
| iscsid.h | ||
| login.c | ||
| Makefile | ||
| Makefile.depend | ||