Blame SOURCES/0052-update-common-submodule-for-CVE-2022-2211-fix.patch

0602f3
From 5852b85eaa174dfb87ce7a03b9f70e2bffac4ca4 Mon Sep 17 00:00:00 2001
0602f3
From: Laszlo Ersek <lersek@redhat.com>
0602f3
Date: Wed, 29 Jun 2022 15:44:27 +0200
0602f3
Subject: [PATCH] update common submodule for CVE-2022-2211 fix
0602f3
0602f3
$ git shortlog 9e990f3e4530..35467027f657
0602f3
0602f3
Laszlo Ersek (1):
0602f3
      options: fix buffer overflow in get_keys() [CVE-2022-2211]
0602f3
0602f3
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
0602f3
(cherry picked from commit 795d5dfcef77fc54fec4d237bda28571454a6d4e)
0602f3
---
0602f3
 common | 2 +-
0602f3
 1 file changed, 1 insertion(+), 1 deletion(-)
0602f3
0602f3
Submodule common be09523d..1174b443:
0602f3
diff --git a/common/options/keys.c b/common/options/keys.c
0602f3
index 798315c..d27a712 100644
0602f3
--- a/common/options/keys.c
0602f3
+++ b/common/options/keys.c
0602f3
@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
0602f3
 char **
0602f3
 get_keys (struct key_store *ks, const char *device, const char *uuid)
0602f3
 {
0602f3
-  size_t i, j, len;
0602f3
+  size_t i, j, nmemb;
0602f3
   char **r;
0602f3
   char *s;
0602f3
 
0602f3
   /* We know the returned list must have at least one element and not
0602f3
    * more than ks->nr_keys.
0602f3
    */
0602f3
-  len = 1;
0602f3
-  if (ks)
0602f3
-    len = MIN (1, ks->nr_keys);
0602f3
-  r = calloc (len+1, sizeof (char *));
0602f3
+  nmemb = 1;
0602f3
+  if (ks && ks->nr_keys > nmemb)
0602f3
+    nmemb = ks->nr_keys;
0602f3
+
0602f3
+  /* make room for the terminating NULL */
0602f3
+  if (nmemb == (size_t)-1)
0602f3
+    error (EXIT_FAILURE, 0, _("size_t overflow"));
0602f3
+  nmemb++;
0602f3
+
0602f3
+  r = calloc (nmemb, sizeof (char *));
0602f3
   if (r == NULL)
0602f3
     error (EXIT_FAILURE, errno, "calloc");
0602f3
 
0602f3
-- 
0602f3
2.31.1
0602f3