From 5852b85eaa174dfb87ce7a03b9f70e2bffac4ca4 Mon Sep 17 00:00:00 2001

From: Laszlo Ersek <lersek@redhat.com>

Date: Wed, 29 Jun 2022 15:44:27 +0200

Subject: [PATCH] update common submodule for CVE-2022-2211 fix

$ git shortlog 9e990f3e4530..35467027f657

Laszlo Ersek (1):

      options: fix buffer overflow in get_keys() [CVE-2022-2211]

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

(cherry picked from commit 795d5dfcef77fc54fec4d237bda28571454a6d4e)

---

 common | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

Submodule common be09523d..1174b443:

diff --git a/common/options/keys.c b/common/options/keys.c

index 798315c2..d27a7123 100644

--- a/common/options/keys.c

+++ b/common/options/keys.c

@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)

 char **

 get_keys (struct key_store *ks, const char *device, const char *uuid)

 {

-  size_t i, j, len;

+  size_t i, j, nmemb;

   char **r;

   char *s;

   /* We know the returned list must have at least one element and not

    * more than ks->nr_keys.

    */

-  len = 1;

-  if (ks)

-    len = MIN (1, ks->nr_keys);

-  r = calloc (len+1, sizeof (char *));

+  nmemb = 1;

+  if (ks && ks->nr_keys > nmemb)

+    nmemb = ks->nr_keys;

+

+  /* make room for the terminating NULL */

+  if (nmemb == (size_t)-1)

+    error (EXIT_FAILURE, 0, _("size_t overflow"));

+  nmemb++;

+

+  r = calloc (nmemb, sizeof (char *));

   if (r == NULL)

     error (EXIT_FAILURE, errno, "calloc");