From 5d9b05ac304431ba816ff1b1058d9b6d2c9042f1 Mon Sep 17 00:00:00 2001
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
Date: Tue, 1 Sep 2020 14:52:35 +0000
Subject: [PATCH] Fix string overflow that could occur during redirection due
 to passing the wrong length to strlcpy(3). It looks like it could overflow
 into the next field, isc_user, which is properly long to accomodate for it; I
 don't think it could cause any harm other than breaking the connection.

Reviewed by:	mav
MFC after:	2 weeks
Sponsored by:	NetApp, Inc.
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D26247
---
 usr.sbin/iscsid/login.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.sbin/iscsid/login.c b/usr.sbin/iscsid/login.c
index 0525ef076af7..112c97e48975 100644
--- a/usr.sbin/iscsid/login.c
+++ b/usr.sbin/iscsid/login.c
@@ -170,7 +170,7 @@ kernel_modify(const struct connection *conn, const char *target_address)
 	ism.ism_session_id = conn->conn_session_id;
 	memcpy(&ism.ism_conf, &conn->conn_conf, sizeof(ism.ism_conf));
 	strlcpy(ism.ism_conf.isc_target_addr, target_address,
-	    sizeof(ism.ism_conf.isc_target));
+	    sizeof(ism.ism_conf.isc_target_addr));
 	error = ioctl(conn->conn_iscsi_fd, ISCSISMODIFY, &ism);
 	if (error != 0) {
 		log_err(1, "failed to redirect to %s: ISCSISMODIFY",