Projects
Mega:23.03
systemd
_service:tar_scm:backport-util-another-set-of-C...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-util-another-set-of-CVE-2021-4034-assert-s.patch of Package systemd
From 356b1ee1febeecf636eec6b7e08036603bf760d5 Mon Sep 17 00:00:00 2001 From: Lennart Poettering <lennart@poettering.net> Date: Tue, 1 Feb 2022 12:06:21 +0100 Subject: [PATCH] util: another set of CVE-2021-4034 assert()s It's a good idea that we validate argc/argv when we are supposed to store them away. (cherry picked from commit 007e03b284e8ffc0b92edb2122cd9d2d16f049ef) (cherry picked from commit dcba78244e5dc3a4b57fb978a2d21640164c89a2) Conflict:NA Reference:https://github.com/systemd/systemd/commit/356b1ee1febeecf636eec6b7e08036603bf760d5 --- src/basic/util.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/basic/util.h b/src/basic/util.h index b6c51c036e..22fcef719f 100644 --- a/src/basic/util.h +++ b/src/basic/util.h @@ -9,6 +9,12 @@ extern int saved_argc; extern char **saved_argv; static inline void save_argc_argv(int argc, char **argv) { + + /* Protect against CVE-2021-4034 style attacks */ + assert_se(argc > 0); + assert_se(argv); + assert_se(argv[0]); + saved_argc = argc; saved_argv = argv; } -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2