From 3ed3936bae56aee471dfaf379bfec755e42531f6 Mon Sep 17 00:00:00 2001 From: Hilko Bengen Date: Mon, 10 Apr 2023 13:45:29 +0200 Subject: [PATCH] Add libguestfs-common patch to fix CVE-2022-2211 git shortlog 9e990f3e4530..35467027f657 from libguestfs-common Laszlo Ersek (1): options: fix buffer overflow in get_keys() [CVE-2022-2211] Gbp-Pq: Name Add-libguestfs-common-patch-to-fix-CVE-2022-2211.patch --- common/options/keys.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/common/options/keys.c b/common/options/keys.c index 798315c..d27a712 100644 --- a/common/options/keys.c +++ b/common/options/keys.c @@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename) char ** get_keys (struct key_store *ks, const char *device, const char *uuid) { - size_t i, j, len; + size_t i, j, nmemb; char **r; char *s; /* We know the returned list must have at least one element and not * more than ks->nr_keys. */ - len = 1; - if (ks) - len = MIN (1, ks->nr_keys); - r = calloc (len+1, sizeof (char *)); + nmemb = 1; + if (ks && ks->nr_keys > nmemb) + nmemb = ks->nr_keys; + + /* make room for the terminating NULL */ + if (nmemb == (size_t)-1) + error (EXIT_FAILURE, 0, _("size_t overflow")); + nmemb++; + + r = calloc (nmemb, sizeof (char *)); if (r == NULL) error (EXIT_FAILURE, errno, "calloc"); -- 2.30.2