40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
|
From 0f082f9d3df0b1c2b63c2b5ad3201e08d1ffe449 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Martin Kletzander <mkletzan@redhat.com>
|
||
|
|
Date: Tue, 27 Feb 2024 16:20:12 +0100
|
||
|
|
Subject: [PATCH] Fix off-by-one error in udevListInterfacesByStatus
|
||
|
|
MIME-Version: 1.0
|
||
|
|
Content-Type: text/plain; charset=UTF-8
|
||
|
|
Content-Transfer-Encoding: 8bit
|
||
|
|
|
||
|
|
Ever since this function was introduced in 2012 it could've tried
|
||
|
|
filling in an extra interface name. That was made worse in 2019 when
|
||
|
|
the caller functions started accepting NULL arrays of size 0.
|
||
|
|
|
||
|
|
This is assigned CVE-2024-1441.
|
||
|
|
|
||
|
|
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
|
||
|
|
Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
|
||
|
|
Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca
|
||
|
|
Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15
|
||
|
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||
|
|
---
|
||
|
|
src/interface/interface_backend_udev.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
|
||
|
|
index fb6799ed94..4091483060 100644
|
||
|
|
--- a/src/interface/interface_backend_udev.c
|
||
|
|
+++ b/src/interface/interface_backend_udev.c
|
||
|
|
@@ -222,7 +222,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
|
||
|
|
g_autoptr(virInterfaceDef) def = NULL;
|
||
|
|
|
||
|
|
/* Ensure we won't exceed the size of our array */
|
||
|
|
- if (count > names_len)
|
||
|
|
+ if (count >= names_len)
|
||
|
|
break;
|
||
|
|
|
||
|
|
path = udev_list_entry_get_name(dev_entry);
|
||
|
|
--
|
||
|
|
2.27.0
|
||
|
|
|