47 lines
1.7 KiB
Diff
47 lines
1.7 KiB
Diff
From 68f2278d84fe560123c2ec34275380ed1086b706 Mon Sep 17 00:00:00 2001
|
|
Message-ID: <68f2278d84fe560123c2ec34275380ed1086b706.1713796876.git.jdenemar@redhat.com>
|
|
From: Martin Kletzander <mkletzan@redhat.com>
|
|
Date: Tue, 27 Feb 2024 16:20:12 +0100
|
|
Subject: [PATCH] Fix off-by-one error in udevListInterfacesByStatus
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Ever since this function was introduced in 2012 it could've tried
|
|
filling in an extra interface name. That was made worse in 2019 when
|
|
the caller functions started accepting NULL arrays of size 0.
|
|
|
|
This is assigned CVE-2024-1441.
|
|
|
|
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
|
|
Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
|
|
Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca
|
|
Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15
|
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
(cherry picked from commit c664015fe3a7bf59db26686e9ed69af011c6ebb8)
|
|
|
|
Conflicts:
|
|
- NEWS.rst: Removed the hunk
|
|
|
|
Resolves: https://issues.redhat.com/browse/RHEL-25081
|
|
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
|
|
---
|
|
src/interface/interface_backend_udev.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
|
|
index fb6799ed94..4091483060 100644
|
|
--- a/src/interface/interface_backend_udev.c
|
|
+++ b/src/interface/interface_backend_udev.c
|
|
@@ -222,7 +222,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
|
|
g_autoptr(virInterfaceDef) def = NULL;
|
|
|
|
/* Ensure we won't exceed the size of our array */
|
|
- if (count > names_len)
|
|
+ if (count >= names_len)
|
|
break;
|
|
|
|
path = udev_list_entry_get_name(dev_entry);
|
|
--
|
|
2.44.0
|