From 2331e8ec33c40fcb350160c48dbe84d6062f05fd Mon Sep 17 00:00:00 2001
From: Vladislav Bolkhovitin
Date: Thu, 13 Apr 2017 23:02:18 +0000
Subject: [PATCH] Thre is potential buffer overflow in iscsi_session_alloc() due to short computation of needed string size. Notice the "%s@%s" in the first call to sprintf().
Signed-off-by: David Butterfield
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@7110 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 iscsi-scst/kernel/session.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iscsi-scst/kernel/session.c b/iscsi-scst/kernel/session.c
index 9c6bdc758..568415ef8 100644
--- a/iscsi-scst/kernel/session.c
+++ b/iscsi-scst/kernel/session.c
@@ -65,7 +65,7 @@ static int iscsi_session_alloc(struct iscsi_target *target,
 #ifdef CONFIG_SCST_PROC
 name = kmalloc(strlen(info->user_name) + strlen(info->initiator_name) +
- 1, GFP_KERNEL);
+ 2, GFP_KERNEL); /* +1 (for '\0') +1 (for '@') */
 if (name == NULL) {
 err = -ENOMEM;
 goto err;
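Review bot: The buffer size in the `kmalloc()` call is still computed by hand, separately from the format string that later fills it, so the two can drift apart again in the same way this off-by-one arose. The `sprintf()` calls are outside the hunk (the commit message only mentions `"%s@%s"`), so this is inferred, but letting the formatter size the buffer, e.g. `name = kasprintf(GFP_KERNEL, "%s@%s", info->user_name, info->initiator_name);`, would bound the write by construction. Failing that, the computed length could be kept in a variable and passed to `snprintf()`. It is also worth confirming that `info->user_name` and `info->initiator_name` are guaranteed NUL-terminated before `strlen()` runs on them, since the hunk does not show where `info` is validated. The body of iscsi_session_alloc() begins and ends outside the hunk.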