scsi: target: fix SendTargets=All string compares

strncmp is currently used for "SendTargets" key and "All" value matching
without checking for trailing garbage. This means that Text request PDUs
with garbage such as "SendTargetsPlease=All" and "SendTargets=Alle" are
processed successfully as if they were "SendTargets=All" requests.

Reviewed-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: David Disseldorp <ddiss@suse.de>
Link: https://lore.kernel.org/r/20190912095547.22427-3-ddiss@suse.de
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index d19e051..09e55ea 100644 (file)
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -2189,24 +2189,22 @@ iscsit_process_text_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
                }
                goto empty_sendtargets;
        }
-       if (strncmp("SendTargets", text_in, 11) != 0) {
+       if (strncmp("SendTargets=", text_in, 12) != 0) {
                pr_err("Received Text Data that is not"
                        " SendTargets, cannot continue.\n");
                goto reject;
        }
+       /* '=' confirmed in strncmp */
        text_ptr = strchr(text_in, '=');
-       if (!text_ptr) {
-               pr_err("No \"=\" separator found in Text Data,"
-                       "  cannot continue.\n");
-               goto reject;
-       }
-       if (!strncmp("=All", text_ptr, 4)) {
+       BUG_ON(!text_ptr);
+       if (!strncmp("=All", text_ptr, 5)) {
                cmd->cmd_flags |= ICF_SENDTARGETS_ALL;
        } else if (!strncmp("=iqn.", text_ptr, 5) ||
                   !strncmp("=eui.", text_ptr, 5)) {
                cmd->cmd_flags |= ICF_SENDTARGETS_SINGLE;
        } else {
-               pr_err("Unable to locate valid SendTargets=%s value\n", text_ptr);
+               pr_err("Unable to locate valid SendTargets%s value\n",
+                      text_ptr);
                goto reject;
        }