fix CVE-2024-1441
vish:Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441)
parent e0d5ff1d0d
commit cda990d1fd
@ -101,7 +101,7 @@
|
||||
Summary: Library providing a simple virtualization API
|
||||
Name: libvirt
|
||||
Version: 6.2.0
|
||||
Release: 21
|
||||
Release: 22
|
||||
License: LGPLv2+
|
||||
URL: https://libvirt.org/
|
||||
|
||||
@ -156,6 +156,7 @@ Patch0043: virsh-Display-vhostuser-socket-path-in-domblklist.patch
|
||||
Patch0044: nwfilter-fix-crash-when-counting-number-of-network-f.patch
|
||||
Patch0045: qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch
|
||||
Patch0046: update-the-Chinese-translation-of-nwfilter.patch
|
||||
Patch0047: virsh-Fix-off-by-one-error-in-udevListInterfacesBySt.patch
|
||||
|
||||
Requires: libvirt-daemon = %{version}-%{release}
|
||||
Requires: libvirt-daemon-config-network = %{version}-%{release}
|
||||
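Review bot: Patch0047 is only declared here, and none of the visible hunks show it being applied in %prep. If this spec applies patches with explicit %patch lines rather than %autosetup or %autopatch, add the matching entry for 0047, otherwise the package builds as Release 22 without the CVE-2024-1441 fix in the source tree. A quick check is to confirm that the built source contains `if (count >= names_len)` in src/interface/interface_backend_udev.c.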
@ -1890,6 +1891,9 @@ exit 0
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Apr 10 2024 caozhongwang <caozhongwang1@huawei.com>
|
||||
- vish:Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441)
|
||||
|
||||
* Sat Dec 10 2022 yezengruan <yezengruan@huawei.com>
|
||||
- update the Chinese translation of nwfilter
|
||||
|
||||
|
||||
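Review bot: the new changelog entry spells the prefix "vish:", while the patch subject and the patch file name use "virsh". Correct the spelling so that searching the changelog for the patch name finds the CVE-2024-1441 entry.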
39
virsh-Fix-off-by-one-error-in-udevListInterfacesBySt.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 001ede185f96d359481495a4016fcd0cffb2e1b0 Mon Sep 17 00:00:00 2001
|
||||
From: Martin Kletzander <mkletzan@redhat.com>
|
||||
Date: Tue, 27 Feb 2024 16:20:12 +0100
|
||||
Subject: [PATCH 6/8] virsh:Fix off-by-one error in udevListInterfacesByStatus
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Ever since this function was introduced in 2012 it could've tried
|
||||
filling in an extra interface name. That was made worse in 2019 when
|
||||
the caller functions started accepting NULL arrays of size 0.
|
||||
|
||||
This is assigned CVE-2024-1441.
|
||||
|
||||
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
|
||||
Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
|
||||
Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca
|
||||
Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15
|
||||
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||||
---
|
||||
src/interface/interface_backend_udev.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
|
||||
index e388f98536..dde88860d3 100644
|
||||
--- a/src/interface/interface_backend_udev.c
|
||||
+++ b/src/interface/interface_backend_udev.c
|
||||
@@ -221,7 +221,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
|
||||
virInterfaceDefPtr def;
|
||||
|
||||
/* Ensure we won't exceed the size of our array */
|
||||
- if (count > names_len)
|
||||
+ if (count >= names_len)
|
||||
break;
|
||||
|
||||
path = udev_list_entry_get_name(dev_entry);
|
||||
--
|
||||
2.27.0
|
||||
|
||||
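Review bot: the Subject line carries the prefix "virsh:", but the only file changed is src/interface/interface_backend_udev.c, and the message describes the function and its callers, not the virsh client. Use a prefix that names the interface backend, and add a line recording which upstream commit this was taken from, since the "[PATCH 6/8]" numbering and the From hash alone do not say whether this is the upstream change or a local rebase. The one-line change to `count >= names_len` is consistent with the message: with an array of size 0 the loop now breaks before any name is stored.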