Date: Sun, 9 Nov 2014 13:30:03 +0000 (UTC) From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r274309 - head/usr.sbin/ctld Message-ID: <201411091330.sA9DU3b6074525@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: trasz Date: Sun Nov 9 13:30:02 2014 New Revision: 274309 URL: https://svnweb.freebsd.org/changeset/base/274309 Log: Fix several nits in redirection handling - don't use wrong CSG, and avoid use-after-free. MFC after: 1 month Sponsored by: The FreeBSD Foundation Modified: head/usr.sbin/ctld/login.c Modified: head/usr.sbin/ctld/login.c ============================================================================== --- head/usr.sbin/ctld/login.c Sun Nov 9 13:01:09 2014 (r274308) +++ head/usr.sbin/ctld/login.c Sun Nov 9 13:30:02 2014 (r274309) @@ -620,11 +620,10 @@ login_redirect(struct pdu *request, cons struct keys *response_keys; response = login_new_response(request); + login_set_csg(response, login_csg(request)); bhslr2 = (struct iscsi_bhs_login_response *)response->pdu_bhs; bhslr2->bhslr_status_class = 0x01; bhslr2->bhslr_status_detail = 0x01; - login_set_csg(response, BHSLR_STAGE_OPERATIONAL_NEGOTIATION); - login_set_nsg(response, BHSLR_STAGE_OPERATIONAL_NEGOTIATION); response_keys = keys_new(); keys_add(response_keys, "TargetAddress", target_address); @@ -679,7 +678,7 @@ login_negotiate(struct connection *conn, struct iscsi_bhs_login_response *bhslr2; struct keys *request_keys, *response_keys; int i; - bool skipped_security; + bool redirected, skipped_security; if (request == NULL) { log_debugx("beginning operational parameter negotiation; " @@ -689,6 +688,18 @@ login_negotiate(struct connection *conn, } else skipped_security = true; + /* + * RFC 3720, 10.13.5. Status-Class and Status-Detail, says + * the redirection SHOULD be accepted by the initiator before + * authentication, but MUST be be accepted afterwards; that's + * why we're doing it here and not earlier. + */ + redirected = login_target_redirect(conn, request); + if (redirected) { + log_debugx("initiator redirected; exiting"); + exit(0); + } + request_keys = keys_new(); keys_load(request_keys, request); @@ -876,12 +887,6 @@ login(struct connection *conn) keys_delete(request_keys); - redirected = login_target_redirect(conn, request); - if (redirected) { - log_debugx("initiator redirected; exiting"); - exit(0); - } - log_debugx("initiator skipped the authentication, " "and we don't need it; proceeding with negotiation"); login_negotiate(conn, request); @@ -893,12 +898,6 @@ login(struct connection *conn) * Initiator might want to to authenticate, * but we don't need it. */ - redirected = login_target_redirect(conn, request); - if (redirected) { - log_debugx("initiator redirected; exiting"); - exit(0); - } - log_debugx("authentication not required; " "transitioning to operational parameter negotiation"); @@ -987,17 +986,5 @@ login(struct connection *conn) login_chap(conn, ag); - /* - * RFC 3720, 10.13.5. Status-Class and Status-Detail, says - * the redirection SHOULD be accepted by the initiator before - * authentication, but MUST be be accepted afterwards; that's - * why we're doing it here and not earlier. - */ - redirected = login_target_redirect(conn, request); - if (redirected) { - log_debugx("initiator redirected; exiting"); - exit(0); - } - login_negotiate(conn, NULL); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201411091330.sA9DU3b6074525>