rpms/abrt
6
0
Fork 0
Code Issues Pull Requests Releases Activity
c8s
abrt/0096-CVE-2025-12744.patch
Michal Srb aaf4dce18e a-a-save-container-data: validate input 
Check that the Container ID contains only alphanumeric characters.

Resolves: CVE-2025-12744
Resolves: RHEL-126525

Signed-off-by: Michal Srb <michal@redhat.com>
2025-11-18 06:45:29 +01:00

47 lines
1.5 KiB
Diff
Raw Permalink Blame History

From c74aec7aaf4b674cb36ccda3d43207bd9ee8c049 Mon Sep 17 00:00:00 2001
From: Michal Srb <michal@redhat.com>
Date: Tue, 18 Nov 2025 06:42:19 +0100
Subject: [PATCH] a-a-save-container-data: validate input
Check that the Container ID contains only alphanumeric characters.
Resolves: CVE-2025-12744
Signed-off-by: Michal Srb <michal@redhat.com>
---
src/daemon/abrt-action-save-container-data.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/daemon/abrt-action-save-container-data.c b/src/daemon/abrt-action-save-container-data.c
index 9a5bfa4..ee452b2 100644
--- a/src/daemon/abrt-action-save-container-data.c
+++ b/src/daemon/abrt-action-save-container-data.c
@@ -101,6 +101,24 @@ void dump_docker_info(struct dump_dir *dd, const char *root_dir)
continue;
}
+ /* Check that the Container ID contains only alphanumeric characters */
+ bool valid_id = true;
+ for (int i = 0; i < 12; i++)
+ {
+ if (!g_ascii_isalnum(container_id[i]))
+ {
+ valid_id = false;
+ break;
+ }
+ }
+ if (!valid_id)
+ {
+ log_debug("Container ID contains invalid characters: '%s'", container_id);
+ g_free(container_id);
+ container_id = NULL;
+ continue;
+ }
+
char *docker_inspect_cmdline = NULL;
if (root_dir != NULL)
docker_inspect_cmdline = xasprintf("chroot %s /bin/sh -c \"docker inspect %s\"", root_dir, container_id);
--
2.51.1
Reference in New Issue View Git Blame Copy Permalink