mirror of
https://github.com/torvalds/linux.git
synced 2024-11-06 03:51:48 +00:00
iscsi-target: Reject zero-length payloads during SecurityNegotiation
This patch changes iscsi_target_handle_csg_zero() to explicitly reject login requests in SecurityNegotiation with a zero-length payload, following the language in RFC-3720 Section 8.2: Whenever an iSCSI target gets a response whose keys, or their values, are not according to the step definition, it MUST answer with a Login reject with the "Initiator Error" or "Missing Parameter" status. Previously when a zero-length login request in CSG=0 was received, the target would send a login response with CSG=0 + T_BIT=0 asking the initiator to complete authentication, and not fail the login until MAX_LOGIN_PDUS was reached. This change will now immediately fail the login attempt with ISCSI_STATUS_CLS_INITIATOR_ERR status. Reported-by: Tejas Vaykole <tejas.vaykole@calsoftinc.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
This commit is contained in:
parent
51a07f8464
commit
91f0abfda1
@ -773,6 +773,12 @@ static int iscsi_target_handle_csg_zero(
|
||||
}
|
||||
|
||||
goto do_auth;
|
||||
} else if (!payload_length) {
|
||||
pr_err("Initiator sent zero length security payload,"
|
||||
" login failed\n");
|
||||
iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
|
||||
ISCSI_LOGIN_STATUS_AUTH_FAILED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (login->first_request)
|
||||
|
Loading…
Reference in New Issue
Block a user