Blame SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
|
 |
692963 |
From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
|
|
|
692963 |
From: Zdenek Dohnal <zdohnal@redhat.com>
|
|
|
692963 |
Date: Thu, 26 May 2022 06:27:04 +0200
|
|
|
692963 |
Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
|
|
|
692963 |
CVE-2022-26691)
|
|
|
692963 |
|
|
|
692963 |
The previous algorithm didn't expect the strings can have a different
|
|
|
692963 |
length, so one string can be a substring of the other and such substring
|
|
|
692963 |
was reported as equal to the longer string.
|
|
|
692963 |
---
|
|
|
692963 |
CHANGES.md | 1 +
|
|
|
692963 |
scheduler/cert.c | 9 ++++++++-
|
|
|
692963 |
2 files changed, 9 insertions(+), 1 deletion(-)
|
|
|
692963 |
|
|
|
692963 |
diff --git a/scheduler/cert.c b/scheduler/cert.c
|
|
|
692963 |
index b268bf1b2..9b65b96c9 100644
|
|
|
692963 |
--- a/scheduler/cert.c
|
|
|
692963 |
+++ b/scheduler/cert.c
|
|
|
692963 |
@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
|
|
|
692963 |
b ++;
|
|
|
692963 |
}
|
|
|
692963 |
|
|
|
692963 |
- return (result);
|
|
|
692963 |
+ /*
|
|
|
692963 |
+ * The while loop finishes when *a == '\0' or *b == '\0'
|
|
|
692963 |
+ * so after the while loop either both *a and *b == '\0',
|
|
|
692963 |
+ * or one points inside a string, so when we apply bitwise OR on *a,
|
|
|
692963 |
+ * *b and result, we get a non-zero return value if the compared strings don't match.
|
|
|
692963 |
+ */
|
|
|
692963 |
+
|
|
|
692963 |
+ return (result | *a | *b);
|
|
|
692963 |
}
|
|
|
692963 |
--
|
|
|
692963 |
2.36.1
|
|
|
692963 |
|