virt-v2v/0052-update-common-submodule-for-CVE-2022-2211-fix.patch
Richard W.M. Jones 2f9214744a Reapply patches since we are using git format-patch --submodule=diff
- Don't comment out patch 0029 (the common submodule update).

- Use a common/.gitattributes trick to exclude files from the common
  patch that are not included in virt-v2v tarball.  This also requires
  some sed hacking.

NB: I tried using ':(exclude)...' stuff and it does not work for
submodules, at least not with the git version in RHEL 8.

For more info see private email thread "Customer case requiring our
assistance" in 2023.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
resolves: rhbz#2184183
2023-04-04 08:45:24 +01:00

From 5852b85eaa174dfb87ce7a03b9f70e2bffac4ca4 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 29 Jun 2022 15:44:27 +0200
Subject: [PATCH] update common submodule for CVE-2022-2211 fix
$ git shortlog 9e990f3e4530..35467027f657
Laszlo Ersek (1):
options: fix buffer overflow in get_keys() [CVE-2022-2211]
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 795d5dfcef77fc54fec4d237bda28571454a6d4e)
---
common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Submodule common be09523d..1174b443:
diff --git a/common/options/keys.c b/common/options/keys.c
index 798315c2..d27a7123 100644
--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
char **
get_keys (struct key_store *ks, const char *device, const char *uuid)
{
- size_t i, j, len;
+ size_t i, j, nmemb;
char **r;
char *s;
/* We know the returned list must have at least one element and not
* more than ks->nr_keys.
*/
- len = 1;
- if (ks)
- len = MIN (1, ks->nr_keys);
- r = calloc (len+1, sizeof (char *));
+ nmemb = 1;
+ if (ks && ks->nr_keys > nmemb)
+ nmemb = ks->nr_keys;
+
+ /* make room for the terminating NULL */
+ if (nmemb == (size_t)-1)
+ error (EXIT_FAILURE, 0, _("size_t overflow"));
+ nmemb++;
+
+ r = calloc (nmemb, sizeof (char *));
if (r == NULL)
error (EXIT_FAILURE, errno, "calloc");
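Review bot: the comment kept above the allocation still says the list has "not more than ks->nr_keys" elements, which does not hold in the case the new code handles explicitly (ks is NULL or nr_keys is 0, where nmemb stays 1). Reword it to say the count is the larger of 1 and ks->nr_keys, so it matches `if (ks && ks->nr_keys > nmemb)`. The removed `MIN (1, ks->nr_keys)` capped the array at one entry plus the terminator, while the comment's own upper bound allows up to nr_keys entries, so a key store with two or more keys could need more slots than were allocated. The code that fills r sits below this hunk and is not shown, so it is worth an assert next to it that the write index stays below nmemb - 1, which would keep the bound tied to the allocation. The `nmemb == (size_t)-1` guard is correct; SIZE_MAX would express the same limit more readably. A regression test using a key store with at least two keys would cover the path that previously under-allocated.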