packages/libvirt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libvirt/virsh-Fix-off-by-one-error-in-udevListInterfacesBySt.patch
caozhongwang 3037d729e3 fix CVE-2024-1441,CVE-2024-2494,CVE-2024-2496 
vish:Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441)
remote: check for negative array lengths before allocation (CVE-2024-2494)
interface: fix udev_device_get_sysattr_value return value check (CVE-2024-2496)
2024-04-10 16:49:43 +08:00

40 lines
1.4 KiB
Diff
Raw Blame History

From 001ede185f96d359481495a4016fcd0cffb2e1b0 Mon Sep 17 00:00:00 2001
From: Martin Kletzander <mkletzan@redhat.com>
Date: Tue, 27 Feb 2024 16:20:12 +0100
Subject: [PATCH 6/8] virsh:Fix off-by-one error in udevListInterfacesByStatus
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ever since this function was introduced in 2012 it could've tried
filling in an extra interface name. That was made worse in 2019 when
the caller functions started accepting NULL arrays of size 0.
This is assigned CVE-2024-1441.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca
Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/interface/interface_backend_udev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
index e388f98536..dde88860d3 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -221,7 +221,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
virInterfaceDefPtr def;
/* Ensure we won't exceed the size of our array */
- if (count > names_len)
+ if (count >= names_len)
break;
path = udev_list_entry_get_name(dev_entry);
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink