Add libguestfs-common patch, fixing CVE-2022-2211. Closes: #1014764

diff --git a/debian/patches/Add-libguestfs-common-patch-to-fix-CVE-2022-2211.patch b/debian/patches/Add-libguestfs-common-patch-to-fix-CVE-2022-2211.patch
new file mode 100644 (file)
index 0000000..6c73b6f
--- /dev/null
+++ b/debian/patches/Add-libguestfs-common-patch-to-fix-CVE-2022-2211.patch
@@ -0,0 +1,45 @@
+From: Hilko Bengen <bengen@debian.org>
+Date: Mon, 10 Apr 2023 13:45:29 +0200
+Subject: Add libguestfs-common patch to fix CVE-2022-2211
+
+git shortlog 9e990f3e4530..35467027f657 from libguestfs-common
+
+Laszlo Ersek (1):
+      options: fix buffer overflow in get_keys() [CVE-2022-2211]
+---
+ common/options/keys.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/common/options/keys.c b/common/options/keys.c
+index 798315c..d27a712 100644
+--- a/common/options/keys.c
++++ b/common/options/keys.c
+@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
+ char **
+ get_keys (struct key_store *ks, const char *device, const char *uuid)
+ {
+-  size_t i, j, len;
++  size_t i, j, nmemb;
+   char **r;
+   char *s;
+ 
+   /* We know the returned list must have at least one element and not
+    * more than ks->nr_keys.
+    */
+-  len = 1;
+-  if (ks)
+-    len = MIN (1, ks->nr_keys);
+-  r = calloc (len+1, sizeof (char *));
++  nmemb = 1;
++  if (ks && ks->nr_keys > nmemb)
++    nmemb = ks->nr_keys;
++
++  /* make room for the terminating NULL */
++  if (nmemb == (size_t)-1)
++    error (EXIT_FAILURE, 0, _("size_t overflow"));
++  nmemb++;
++
++  r = calloc (nmemb, sizeof (char *));
+   if (r == NULL)
+     error (EXIT_FAILURE, errno, "calloc");
+ 

diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644 (file)
index 0000000..32cb31a
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+Add-libguestfs-common-patch-to-fix-CVE-2022-2211.patch