54 lines
1.4 KiB
Diff
54 lines
1.4 KiB
Diff
|
From 5852b85eaa174dfb87ce7a03b9f70e2bffac4ca4 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Laszlo Ersek <lersek@redhat.com>
|
||
|
|
Date: Wed, 29 Jun 2022 15:44:27 +0200
|
||
|
|
Subject: [PATCH] update common submodule for CVE-2022-2211 fix
|
||
|
|
|
||
|
|
$ git shortlog 9e990f3e4530..35467027f657
|
||
|
|
|
||
|
|
Laszlo Ersek (1):
|
||
|
|
options: fix buffer overflow in get_keys() [CVE-2022-2211]
|
||
|
|
|
||
|
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||
|
|
(cherry picked from commit 795d5dfcef77fc54fec4d237bda28571454a6d4e)
|
||
|
|
---
|
||
|
|
common | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
Submodule common be09523d..1174b443:
|
||
|
|
diff --git a/common/options/keys.c b/common/options/keys.c
|
||
|
|
index 798315c..d27a712 100644
|
||
|
|
--- a/common/options/keys.c
|
||
|
|
+++ b/common/options/keys.c
|
||
|
|
@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
|
||
|
|
char **
|
||
|
|
get_keys (struct key_store *ks, const char *device, const char *uuid)
|
||
|
|
{
|
||
|
|
- size_t i, j, len;
|
||
|
|
+ size_t i, j, nmemb;
|
||
|
|
char **r;
|
||
|
|
char *s;
|
||
|
|
|
||
|
|
/* We know the returned list must have at least one element and not
|
||
|
|
* more than ks->nr_keys.
|
||
|
|
*/
|
||
|
|
- len = 1;
|
||
|
|
- if (ks)
|
||
|
|
- len = MIN (1, ks->nr_keys);
|
||
|
|
- r = calloc (len+1, sizeof (char *));
|
||
|
|
+ nmemb = 1;
|
||
|
|
+ if (ks && ks->nr_keys > nmemb)
|
||
|
|
+ nmemb = ks->nr_keys;
|
||
|
|
+
|
||
|
|
+ /* make room for the terminating NULL */
|
||
|
|
+ if (nmemb == (size_t)-1)
|
||
|
|
+ error (EXIT_FAILURE, 0, _("size_t overflow"));
|
||
|
|
+ nmemb++;
|
||
|
|
+
|
||
|
|
+ r = calloc (nmemb, sizeof (char *));
|
||
|
|
if (r == NULL)
|
||
|
|
error (EXIT_FAILURE, errno, "calloc");
|
||
|
|
|
||
|
|
--
|
||
|
|
2.31.1
|
||
|
|
|