Commit e7722d4
committed
scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
jira VULN-55147
cve CVE-2023-52974
commit-author Mike Christie <michael.christie@oracle.com>
commit f484a79
If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails,
userspace could be accessing the host's ipaddress attr. If we then free the
session via iscsi_session_teardown() while userspace is still accessing the
session we will hit a use after free bug.
Set the tcp_sw_host->session after we have completed session creation and
can no longer fail.
Link: https://lore.kernel.org/r/20230117193937.21244-3-michael.christie@oracle.com
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Acked-by: Ding Hui <dinghui@sangfor.com.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit f484a79)
Signed-off-by: Jonathan Maple <jmaple@ciq.com>1 parent d8f82a0 commit e7722d4
1 file changed
+6
-3
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
791 | 791 | | |
792 | 792 | | |
793 | 793 | | |
794 | | - | |
| 794 | + | |
795 | 795 | | |
796 | 796 | | |
797 | 797 | | |
| |||
801 | 801 | | |
802 | 802 | | |
803 | 803 | | |
| 804 | + | |
804 | 805 | | |
805 | 806 | | |
806 | 807 | | |
| |||
897 | 898 | | |
898 | 899 | | |
899 | 900 | | |
900 | | - | |
901 | | - | |
902 | 901 | | |
903 | 902 | | |
904 | 903 | | |
| 904 | + | |
| 905 | + | |
| 906 | + | |
| 907 | + | |
905 | 908 | | |
906 | 909 | | |
907 | 910 | | |
| |||
0 commit comments