Fix string overflow that could occur during redirection due to passing

the wrong length to strlcpy(3). It looks like it could overflow into the next field, isc_user, which is properly long to accomodate for it; I don't think it could cause any harm other than breaking the connection. Reviewed by: mav MFC after: 2 weeks Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D26247
2020-09-01 14:52:35 +00:00 · 2020-09-01 14:52:35 +00:00 · 5d9b05ac30
commit 5d9b05ac30
parent a48cf24742
1 changed files with 1 additions and 1 deletions
--- a/usr.sbin/iscsid/login.c
+++ b/usr.sbin/iscsid/login.c
@ -170,7 +170,7 @@ kernel_modify(const struct connection *conn, const char *target_address)
 	ism.ism_session_id = conn->conn_session_id;
 	memcpy(&ism.ism_conf, &conn->conn_conf, sizeof(ism.ism_conf));
 	strlcpy(ism.ism_conf.isc_target_addr, target_address,
-	    sizeof(ism.ism_conf.isc_target));
+	    sizeof(ism.ism_conf.isc_target_addr));
 	error = ioctl(conn->conn_iscsi_fd, ISCSISMODIFY, &ism);
 	if (error != 0) {
 		log_err(1, "failed to redirect to %s: ISCSISMODIFY",