libvirt: address CVE-2024-1441 (#8447)

mfrw · web-flow · commit e90170939d52 · 2024-03-21T11:18:09.000+05:30
Signed-off-by: Muhammad Falak R Wani &lt;falakreyaz@gmail.com&gt;
diff --git a/SPECS/libvirt/CVE-2024-1441.patch b/SPECS/libvirt/CVE-2024-1441.patch
@@ -0,0 +1,40 @@
+From 95f07e1b298f7a89df79334512fed9d15abd17a1 Mon Sep 17 00:00:00 2001
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Tue, 27 Feb 2024 16:20:12 +0100
+Subject: [PATCH] Fix off-by-one error in udevListInterfacesByStatus
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ever since this function was introduced in 2012 it could've tried
+filling in an extra interface name.  That was made worse in 2019 when
+the caller functions started accepting NULL arrays of size 0.
+
+This is assigned CVE-2024-1441.
+
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
+Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca
+Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
+---
+ src/interface/interface_backend_udev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
+index 8c41771..5b22a60 100644
+--- a/src/interface/interface_backend_udev.c
++++ b/src/interface/interface_backend_udev.c
+@@ -220,7 +220,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
+         g_autoptr(virInterfaceDef) def = NULL;
+ 
+         /* Ensure we won't exceed the size of our array */
+-        if (count > names_len)
++        if (count >= names_len)
+             break;
+ 
+         path = udev_list_entry_get_name(dev_entry);
+-- 
+2.40.1
+
diff --git a/SPECS/libvirt/libvirt.spec b/SPECS/libvirt/libvirt.spec
@@ -9,7 +9,7 @@
 Summary:        Virtualization API library that supports KVM, QEMU, Xen, ESX etc
 Name:           libvirt
 Version:        7.10.0
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -18,6 +18,7 @@ URL:            https://libvirt.org/
 Source0:        https://libvirt.org/sources/%{name}-%{version}.tar.xz
 # CVE-2023-2700 is fixed by https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585
 Patch1:         CVE-2023-2700.patch
+Patch2:         CVE-2024-1441.patch
 
 BuildRequires:  audit-libs-devel
 BuildRequires:  augeas
@@ -1055,6 +1056,9 @@ exit 0
 %{_libdir}/libnss_libvirt_guest.so.2
 
 %changelog
+* Tue Mar 19 2024 Muhammad Falak <mwani@microsoft.com> - 7.10.0-7
+- Introduce patch to address CVE-2024-1441
+
 * Wed Jan 17 2024 Harshit Gupta <guptaharshit@microsoft.com> - 7.10.0-6
 - Release bump with no changes to force a rebuild and consume new libssh2 build
 
