packages/open-iscsi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!83 [sync] PR-81: Remove password printing in session info display

Browse Source 
Merge pull request !83 from openeuler-sync-bot/sync-pr81-openEuler-20.03-LTS-SP1-to-openEuler-20.03-LTS-SP3
This commit is contained in:
openeuler-ci-bot 2022-01-26 09:51:20 +00:00 committed by Gitee
commit 0292f0fa58
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
0024-Remove-session-info-password-print.patch Normal file
View File

@ -0,0 +1,56 @@
From fe6458547a2e6dd6c7dd8246738e0c8a73478171 Mon Sep 17 00:00:00 2001
From: Wenchao Hao <haowenchao@huawei.com>
Date: Tue, 25 Jan 2022 19:36:35 +0800
Subject: [PATCH] Remove session info password print
In consideration of security, password should not be printed
in log, so this patch remove password printing in code.
Signed-off-by: Wenchao Hao <haowenchao@huawei.com>
---
usr/session_info.c | 16 +++-------------
1 file changed, 3 insertions(+), 13 deletions(-)
diff --git a/usr/session_info.c b/usr/session_info.c
index 0dae82f..b9c406f 100644
--- a/usr/session_info.c
+++ b/usr/session_info.c
@@ -268,7 +268,6 @@ void session_info_print_tree(struct iscsi_session **ses, uint32_t se_count,
int32_t tgt_reset_tmo = -1;
int32_t lu_reset_tmo = -1;
int32_t abort_tmo = -1;
- const char *pass = NULL;
for (i = 0; i < se_count; ++i) {
curr = ses[i];
@@ -403,24 +402,15 @@ void session_info_print_tree(struct iscsi_session **ses, uint32_t se_count,
if (!do_show)
printf("%s\t\tpassword: %s\n", prefix,
"********");
- else {
- pass = iscsi_session_password_get(curr);
+ else
printf("%s\t\tpassword: %s\n", prefix,
- strlen(pass) ? pass : UNKNOWN_VALUE);
- }
+ "********");
printf("%s\t\tusername_in: %s\n", prefix,
strlen(iscsi_session_username_in_get(curr)) ?
iscsi_session_username_in_get(curr) :
UNKNOWN_VALUE);
- if (!do_show)
- printf("%s\t\tpassword_in: %s\n", prefix,
- "********");
- else {
- pass = iscsi_session_password_in_get(curr);
- printf("%s\t\tpassword: %s\n", prefix,
- strlen(pass) ? pass : UNKNOWN_VALUE);
- }
+ printf("%s\t\tpassword_in: %s\n", prefix,"********");
}
if (flags & SESSION_INFO_ISCSI_PARAMS)
--
1.8.3.1

6
open-iscsi.spec
View File

@ -4,7 +4,7 @@
Name: open-iscsi
Version: 2.1.1
Release: 10
Release: 11
Summary: ISCSI software initiator daemon and utility programs
License: GPLv2+ and BSD
URL: http://www.open-iscsi.com
@ -32,6 +32,7 @@ Patch20: 0020-check-for-header-length-underflow-during-checksum-ca.patch
Patch21: 0021-check-for-u8-overflow-when-processing-TCP-options.patch
Patch22: 0022-check-for-TCP-urgent-pointer-past-end-of-frame.patch
Patch23: 0023-fix-iscsiadm-op-new-report-to-cannot-rename-error.patch
patch24: 0024-Remove-session-info-password-print.patch
BuildRequires: flex bison doxygen kmod-devel systemd-units gcc git isns-utils-devel systemd-devel
BuildRequires: autoconf automake libtool libmount-devel openssl-devel pkg-config gdb
@ -165,6 +166,9 @@ fi
%{_mandir}/man8/*
%changelog
* Thu Oct 21 2021 haowenchao <haowenchao@huawei.com> - 2.1.1-11
- Remove password print in session info display
* Thu Oct 21 2021 haowenchao <haowenchao@huawei.com> - 2.1.1-10
- Update URL