Team,

I have prepared a fixed package ready for s-p-u that fixes this problem. Changes to the package are:

--- iscsitarget-0.4.16+svn162.orig/debian/changelog +++ iscsitarget-0.4.16+svn162/debian/changelog @@ -0,0 +1,143 @@ +iscsitarget (0.4.16+svn162-3.1) stable; urgency=low + + * Fix CVE-2010-0743 (Closes: #574935) + + -- Ritesh Raj Sarraf <rrs@researchut.com> Sun, 25 Apr 2010 11:51:35 +0530 + --- iscsitarget-0.4.16+svn162.orig/usr/isns.c +++ iscsitarget-0.4.16+svn162/usr/isns.c @@ -299,7 +299,7 @@ tlv = (struct isns_tlv *) hdr->pdu; if (name) - snprintf(mgmt->name, sizeof(mgmt->name), name); + snprintf(mgmt->name, sizeof(mgmt->name), "%s", name); else { mgmt->name[0] = '\0'; target = list_entry(targets_list.q_forw, struct target, tlist); 
@@ -687,7 +687,7 @@ ini = malloc(sizeof(*ini)); if (!ini) goto free_qry_mgmt; - snprintf(ini->name, sizeof(ini->name), name); + snprintf(ini->name, sizeof(ini->name), "%s", name); insque(&ini->ilist, &target->isns_head); } else name = NULL;

The package in lenny does not use a patch system. To keep the changes for s-p-u, I went ahead and directly patched the source code. The patch gets added to the diff.gz.

Unfortunately, the version in Lenny is not in good shape. There are many packaging errors in it.

rrs@champaran:/tmp/DebSources/iscsitarget-0.4.16+svn162 $ lintian /var/tmp/Debian/Result/iscsitarget_0.4.16+svn162-3.1_amd64.changes
I: iscsitarget source: missing-debian-source-format
W: iscsitarget source: changelog-should-mention-nmu
P: iscsitarget source: direct-changes-in-diff-but-no-patch-system usr/isns.c
I: iscsitarget source: debian-watch-file-is-missing
W: iscsitarget source: debhelper-but-no-misc-depends iscsitarget-source
W: iscsitarget source: debhelper-but-no-misc-depends iscsitarget
W: iscsitarget source: out-of-date-standards-version 3.8.0 (current is 3.8.4)
P: iscsitarget source: source-contains-prebuilt-binary usr/session.o
P: iscsitarget source: source-contains-prebuilt-binary usr/event.o
P: iscsitarget source: source-contains-prebuilt-binary usr/ietadm.o
P: iscsitarget source: source-contains-prebuilt-binary usr/isns.o
P: iscsitarget source: source-contains-prebuilt-binary usr/log.o
P: iscsitarget source: source-contains-prebuilt-binary usr/param.o
P: iscsitarget source: source-contains-prebuilt-binary usr/ietd.o
P: iscsitarget source: source-contains-prebuilt-binary usr/target.o
P: iscsitarget source: source-contains-prebuilt-binary usr/chap.o
P: iscsitarget source: source-contains-prebuilt-binary usr/ietd
P: iscsitarget source: source-contains-prebuilt-binary usr/iscsid.o
P: iscsitarget source: source-contains-prebuilt-binary usr/conn.o
P: iscsitarget source: source-contains-prebuilt-binary usr/ctldev.o
P: iscsitarget source: source-contains-prebuilt-binary usr/message.o
P: iscsitarget source: source-contains-prebuilt-binary usr/plain.o
P: iscsitarget source: source-contains-prebuilt-binary usr/ietadm
E: iscsitarget: possible-gpl-code-linked-with-openssl
W: iscsitarget: manpage-has-errors-from-man usr/share/man/man5/ietd.conf.5.gz 127: warning [p 2, 7.3i, div `an-div', 0.2i]: can't break line
I: iscsitarget: init.d-script-does-not-provide-itself /etc/init.d/iscsitarget
E: iscsitarget: init.d-script-missing-dependency-on-remote_fs /etc/init.d/iscsitarget: required-start
E: iscsitarget: init.d-script-missing-dependency-on-remote_fs /etc/init.d/iscsitarget: required-stop
N: 1 tag overridden (1 warning)

The one that I introduced is:

P: iscsitarget source: direct-changes-in-diff-but-no-patch-system usr/isns.c

Please let me know if it is okay in this state or we want to fix the remaining bugs also for this stable update.

This issue is fixed in squeeze/sid with a new upload (1.4.20-1).

Regards,
Ritesh

--
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."
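
Review bot: The debian/changelog entry "Fix CVE-2010-0743 (Closes: #574935)" does not say what was changed or where. Suggest naming the fix in the entry, for example that name is no longer passed as the format string to snprintf() in usr/isns.c, and, since the lintian run in this message reports changelog-should-mention-nmu, stating that this is a non-maintainer upload if that is the case.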
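
Review bot: In the first usr/isns.c hunk (line 299), the return value of snprintf(mgmt->name, sizeof(mgmt->name), "%s", name) is still discarded, so a name longer than mgmt->name is truncated silently and used in its shortened form. Consider comparing the result against sizeof(mgmt->name) and logging or rejecting an oversized name instead of continuing with the truncated copy.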
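
Review bot: Two occurrences of the same non-literal format argument in one file (ini->name at line 687 here, mgmt->name at line 299) are a reason to check the rest of the tree before uploading, since the patch only touches usr/isns.c. Suggest grepping the remaining sources for printf-family calls whose format argument is a variable, and building with -Wformat -Wformat-security so the compiler reports any that remain.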