authorChris Leech <cleech@redhat.com>2020-09-14 14:09:56 -0700
committerChris Leech <cleech@redhat.com>2020-09-17 09:55:00 -0700
commit0c032f5f4f826199868099f0af10c4a913209573 (patch)
treedf2194b31dae4510ec83e8edd4a631cd1053ca6c /usr
parente89ffb2a81a000471fe6b558d93a4437656b30f9 (diff)
iscsiadm buffer overflow regression when discovering many targets at once
The int_list type didn't zero the output string, so as the rec struct was reused repeatedly during discovery, the string would keep growing with repeated values, triggering a strcat buffer overflow.
Diffstat (limited to 'usr')
-rw-r--r--usr/idbm.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/usr/idbm.c b/usr/idbm.c
index 6309be0..42c2699 100644
--- a/usr/idbm.c
+++ b/usr/idbm.c
@@ -169,6 +169,7 @@ static struct idbm *db;
#define __recinfo_int_list(_key,_info,_rec,_name,_show,_tbl,_n,_mod) do { \
_info[_n].type = TYPE_INT_LIST; \
strlcpy(_info[_n].name, _key, NAME_MAXVAL); \
+ _info[_n].value[0] = '\0'; \
for (unsigned long _i = 0; _i < ARRAY_LEN(_rec->_name); _i++) { \
if (_rec->_name[_i] != (unsigned)~0) { \
for (unsigned long _j = 0; _j < ARRAY_LEN(_tbl); _j++) { \
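Review bot: The added `_info[_n].value[0] = '\0';` stops the string from accumulating when the rec struct is reused, but the appends that fill `value` sit further down the macro, outside this hunk. The commit message describes them as strcat, so the write is presumably still unbounded. If so, a single record whose list is longer than the buffer would overflow it again. Consider a bounded append with a truncation check, such as `strlcat(_info[_n].value, <name>, sizeof(_info[_n].value));`, assuming `value` is an array member and strlcat is available alongside the strlcpy used above. A short comment on the new line, e.g. `/* rec is reused across discovery records; start from an empty list */`, would also keep the reset from being dropped in a later cleanup.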