From: David Disseldorp <ddiss@suse.de>
To: John Garry <john.g.garry@oracle.com>
Cc: target-devel@vger.kernel.org, linux-scsi@vger.kernel.org,
"Martin K. Petersen" <martin.petersen@oracle.com>
Subject: Re: [PATCH 0/2] scsi: target: fix CHAP_N handling
Date: Thu, 2 Jul 2026 04:31:26 +1000 [thread overview]
Message-ID: <20260702043126.37fe9855.ddiss@suse.de> (raw)
In-Reply-To: <8a1ba462-50ac-45b2-9d38-4a2671f7a1f9@oracle.com>
Bumping this, as I still think it's worth addressing...
On Wed, 3 Jun 2026 09:24:19 +0100, John Garry wrote:
> On 03/06/2026 00:19, David Disseldorp wrote:
> > On Tue, 2 Jun 2026 17:42:57 +0100, John Garry wrote:
> >
> >> On 02/06/2026 12:43, David Disseldorp wrote:
> >>> The sashiko bot pointed out issues with CHAP_N handling recently, when
> >>> reviewing a patch for a separate issue:
> >>> https://urldefense.com/v3/__https://sashiko.dev/*/patchset/20260521151121.808477-1-hossu.alexandru*40gmail.com__;IyU!!ACWV5N9M2RV99hQ!MNesZJ3IsH9Mv0iZxHUcVmbC_3uwDkJgMhAX8i1TelyqqZD_dAq1cwIy6RtYI8D3boJh5iFeGhtTvfTX$
> >>> Since extract_param() unconditionally strips '0x' or '0b' prefixes and
> >>> alters the returned type, wouldn't a valid user with a name like '0xalice' or
> >>> '0bob' have their username mutated to 'alice' or 'ob'?
> >>
> >> is there a real world case or vulnerability being fixed here?
> >
> > No vulnerability - the "real world case" is as above: CHAP
> > authentication currently fails if the CHAP username begins with 0x, 0b
> > or the upper case variants. The bug is trivial to reproduce.
> >
> Understood.
>
> To me, this is a fix for a problem which does not exist. And even if the
> spec says it's possible, it does not mean that we need to support it. If
> 0x prefix is part of the username, I think that problems should be expected.
IMO it's a real problem, e.g.: 'I changed my username from "bob" to
"0bob" and now I can't access my data.'
> Anyway, the code itself looks ok, so:
>
> Reviewed-by: John Garry <john.g.garry@oracle.com>
>
> But the maintainer can make the judgement to take this obviously.
Thanks for the review.
prev parent reply other threads:[~2026-07-01 18:31 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-02 11:43 [PATCH 0/2] scsi: target: fix CHAP_N handling David Disseldorp
2026-06-02 11:43 ` [PATCH 1/2] scsi: target: add extract_param_str() helper David Disseldorp
2026-06-03 16:30 ` Lee Duncan
2026-06-02 11:43 ` [PATCH 2/2] scsi: target: fix auth when CHAP_N carries a hex/b64 prefix David Disseldorp
2026-06-03 16:30 ` Lee Duncan
2026-06-02 16:42 ` [PATCH 0/2] scsi: target: fix CHAP_N handling John Garry
2026-06-02 23:19 ` David Disseldorp
2026-06-03 8:24 ` John Garry
2026-07-01 18:31 ` David Disseldorp [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260702043126.37fe9855.ddiss@suse.de \
--to=ddiss@suse.de \
--cc=john.g.garry@oracle.com \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=target-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox