fix null pointer dereference (RHEL-134662)

Resolves: RHEL-134662
This commit is contained in:
Michal Hlavinka 2026-06-17 23:03:01 +02:00
parent f7d480db1f
commit 89eda2de1c
2 changed files with 20 additions and 1 deletions

View File

@ -0,0 +1,13 @@
diff --git a/lib/volume.c b/lib/volume.c
index bfcc383..8d3a53d 100644
--- a/lib/volume.c
+++ b/lib/volume.c
@@ -281,7 +281,7 @@ libvk_volume_free (struct libvk_volume *vol)
{
g_return_if_fail (vol != NULL);
- if (strcmp (vol->format, LIBVK_VOLUME_FORMAT_LUKS) == 0
+ if (vol->format != NULL && strcmp (vol->format, LIBVK_VOLUME_FORMAT_LUKS) == 0
&& vol->v.luks != NULL)
luks_volume_free (vol->v.luks);
g_free (vol->hostname);

View File

@ -32,7 +32,7 @@
Summary: An utility for manipulating storage encryption keys and passphrases
Name: volume_key
Version: 0.3.12
Release: 26%{?dist}
Release: 27%{?dist}
License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later)
URL: https://pagure.io/%{name}/
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@ -48,6 +48,8 @@ Patch2: volume_key-0.3.12-FIPS.patch
Patch3: volume_key-0.3.12-sq_crypto.patch
# fix getting backup password from secret the FIPS way, RHEL-146218
Patch4: volume_key-0.3.12-fips2.patch
# from upstream, for <=0.3.12, RHEL-134662
Patch5: volume_key-0.3.12-fix_nullderef.patch
BuildRequires: autoconf, automake, libtool
BuildRequires: make
BuildRequires: gcc
@ -129,6 +131,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%patch -P 2 -p1
%patch -P 3 -p1 -b .sq_crypto
%patch -P 4 -p1 -b .fips2
%patch -P 5 -p1 -b .fix_nullderef
autoreconf -fiv
%build
@ -180,6 +183,9 @@ exit 1; \
%endif
%changelog
* Wed Jun 17 2026 Michal Hlavinka <mhlavink@redhat.com> - 0.3.12-27
- fix null pointer dereference (RHEL-134662)
* Wed Feb 11 2026 Michal Hlavinka <mhlavink@redhat.com> - 0.3.12-26
- make getting password from backed up secret FIPS compatible (RHEL-146218)