From 493060f2ee3d5c1c8d6192bbfd307e0b720f6c11 Mon Sep 17 00:00:00 2001

From: Laszlo Ersek <lersek@redhat.com>

Date: Wed, 29 Jun 2022 15:38:46 +0200

Subject: [PATCH] update common submodule for CVE-2022-2211 fix

$ git shortlog 9e990f3e4530..35467027f657

Laszlo Ersek (1):

      options: fix buffer overflow in get_keys() [CVE-2022-2211]

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

(cherry picked from commit b2e7de29b413d531c9540eb46878170e357f4b62)

---

 common | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

Submodule common 9e990f3e4..35467027f:

diff --git a/common/options/keys.c b/common/options/keys.c

index 798315c..d27a712 100644

--- a/common/options/keys.c

+++ b/common/options/keys.c

@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)

 char **

 get_keys (struct key_store *ks, const char *device, const char *uuid)

 {

-  size_t i, j, len;

+  size_t i, j, nmemb;

   char **r;

   char *s;

   /* We know the returned list must have at least one element and not

    * more than ks->nr_keys.

    */

-  len = 1;

-  if (ks)

-    len = MIN (1, ks->nr_keys);

-  r = calloc (len+1, sizeof (char *));

+  nmemb = 1;

+  if (ks && ks->nr_keys > nmemb)

+    nmemb = ks->nr_keys;

+

+  /* make room for the terminating NULL */

+  if (nmemb == (size_t)-1)

+    error (EXIT_FAILURE, 0, _("size_t overflow"));

+  nmemb++;

+

+  r = calloc (nmemb, sizeof (char *));

   if (r == NULL)

     error (EXIT_FAILURE, errno, "calloc");

-- 

2.31.1