Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.6:Update
tcmu-runner.17814
tcmu-runner-fail-cross-device-XCOPY-requests.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tcmu-runner-fail-cross-device-XCOPY-requests.patch of Package tcmu-runner.17814
From 5901e05ce30f75ef46d90f78a42c9a63d4a2b469 Mon Sep 17 00:00:00 2001 From: David Disseldorp <ddiss@suse.de> Date: Mon, 16 Nov 2020 12:25:32 +0100 Subject: [PATCH] tcmur: fail cross-device XCOPY requests tcmu-runner can't determine whether the device(s) referred to in XCOPY Copy Source/Copy Destination (CSCD) descriptors should be accessible to the initiator via transport settings, ACLs, etc. Consequently, fail XCOPY requests with CSCD descriptors which refer to any device other than where the XCOPY request is processed. References: CVE-2020-28374 Fixes: 9c86bd0 ("tcmur: Add emulate XCOPY command support") Signed-off-by: David Disseldorp <ddiss@suse.de> Reviewed-by: Lee Duncan <lduncan@suse.com> [ddiss: backport for 1.4.0] --- tcmur_cmd_handler.c | 11 +++++++++++ 1 file changed, 11 insertions(+) Index: tcmu-runner-1.4.0/tcmur_cmd_handler.c =================================================================== --- tcmu-runner-1.4.0.orig/tcmur_cmd_handler.c +++ tcmu-runner-1.4.0/tcmur_cmd_handler.c @@ -1400,6 +1400,18 @@ static int xcopy_parse_parameter_list(st if (ret != TCMU_STS_OK) goto err; + /* + * tcmu-runner can't determine whether the device(s) referred to in an + * XCOPY request should be accessible to the initiator via transport + * settings, ACLs, etc. XXX Consequently, we need to fail any + * cross-device requests for safety reasons. + */ + if (dev != xcopy->src_dev || dev != xcopy->dst_dev) { + tcmu_dev_err(dev, "Cross-device XCOPY not supported\n"); + ret = TCMU_STS_CP_TGT_DEV_NOTCONN; + goto err; + } + if (tcmu_get_dev_block_size(xcopy->src_dev) != tcmu_get_dev_block_size(xcopy->dst_dev)) { tcmu_dev_err(dev, "The block size of src dev %u != dst dev %u\n",
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor