fix CVE-2024-1441
vish:Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441)
This commit is contained in:
caozhongwang
parent
e0d5ff1d0d
commit
cda990d1fd
@ -101,7 +101,7 @@
|
|||||||
Summary: Library providing a simple virtualization API
|
Summary: Library providing a simple virtualization API
|
||||||
Name: libvirt
|
Name: libvirt
|
||||||
Version: 6.2.0
|
Version: 6.2.0
|
||||||
Release: 21
|
Release: 22
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: https://libvirt.org/
|
URL: https://libvirt.org/
|
||||||
|
|
||||||
@ -156,6 +156,7 @@ Patch0043: virsh-Display-vhostuser-socket-path-in-domblklist.patch
|
|||||||
Patch0044: nwfilter-fix-crash-when-counting-number-of-network-f.patch
|
Patch0044: nwfilter-fix-crash-when-counting-number-of-network-f.patch
|
||||||
Patch0045: qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch
|
Patch0045: qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch
|
||||||
Patch0046: update-the-Chinese-translation-of-nwfilter.patch
|
Patch0046: update-the-Chinese-translation-of-nwfilter.patch
|
||||||
|
Patch0047: virsh-Fix-off-by-one-error-in-udevListInterfacesBySt.patch
|
||||||
|
|
||||||
Requires: libvirt-daemon = %{version}-%{release}
|
Requires: libvirt-daemon = %{version}-%{release}
|
||||||
Requires: libvirt-daemon-config-network = %{version}-%{release}
|
Requires: libvirt-daemon-config-network = %{version}-%{release}
|
||||||
@ -1890,6 +1891,9 @@ exit 0
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 10 2024 caozhongwang <caozhongwang1@huawei.com>
|
||||||
|
- vish:Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441)
|
||||||
|
|
||||||
* Sat Dec 10 2022 yezengruan <yezengruan@huawei.com>
|
* Sat Dec 10 2022 yezengruan <yezengruan@huawei.com>
|
||||||
- update the Chinese translation of nwfilter
|
- update the Chinese translation of nwfilter
|
||||||
|
|
||||||
|
|||||||
39
virsh-Fix-off-by-one-error-in-udevListInterfacesBySt.patch
Normal file
39
virsh-Fix-off-by-one-error-in-udevListInterfacesBySt.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
From 001ede185f96d359481495a4016fcd0cffb2e1b0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Martin Kletzander <mkletzan@redhat.com>
|
||||||
|
Date: Tue, 27 Feb 2024 16:20:12 +0100
|
||||||
|
Subject: [PATCH 6/8] virsh:Fix off-by-one error in udevListInterfacesByStatus
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Ever since this function was introduced in 2012 it could've tried
|
||||||
|
filling in an extra interface name. That was made worse in 2019 when
|
||||||
|
the caller functions started accepting NULL arrays of size 0.
|
||||||
|
|
||||||
|
This is assigned CVE-2024-1441.
|
||||||
|
|
||||||
|
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
|
||||||
|
Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
|
||||||
|
Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca
|
||||||
|
Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15
|
||||||
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||||||
|
---
|
||||||
|
src/interface/interface_backend_udev.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
|
||||||
|
index e388f98536..dde88860d3 100644
|
||||||
|
--- a/src/interface/interface_backend_udev.c
|
||||||
|
+++ b/src/interface/interface_backend_udev.c
|
||||||
|
@@ -221,7 +221,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
|
||||||
|
virInterfaceDefPtr def;
|
||||||
|
|
||||||
|
/* Ensure we won't exceed the size of our array */
|
||||||
|
- if (count > names_len)
|
||||||
|
+ if (count >= names_len)
|
||||||
|
break;
|
||||||
|
|
||||||
|
path = udev_list_entry_get_name(dev_entry);
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
||||||
Loading…
x
Reference in New Issue
Block a user