You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35 lines
1.1 KiB
35 lines
1.1 KiB
From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001 |
|
From: Zdenek Dohnal <zdohnal@redhat.com> |
|
Date: Thu, 26 May 2022 06:27:04 +0200 |
|
Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes |
|
CVE-2022-26691) |
|
|
|
The previous algorithm didn't expect the strings can have a different |
|
length, so one string can be a substring of the other and such substring |
|
was reported as equal to the longer string. |
|
--- |
|
CHANGES.md | 1 + |
|
scheduler/cert.c | 9 ++++++++- |
|
2 files changed, 9 insertions(+), 1 deletion(-) |
|
|
|
diff --git a/scheduler/cert.c b/scheduler/cert.c |
|
index b268bf1b2..9b65b96c9 100644 |
|
--- a/scheduler/cert.c |
|
+++ b/scheduler/cert.c |
|
@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */ |
|
b ++; |
|
} |
|
|
|
- return (result); |
|
+ /* |
|
+ * The while loop finishes when *a == '\0' or *b == '\0' |
|
+ * so after the while loop either both *a and *b == '\0', |
|
+ * or one points inside a string, so when we apply bitwise OR on *a, |
|
+ * *b and result, we get a non-zero return value if the compared strings don't match. |
|
+ */ |
|
+ |
|
+ return (result | *a | *b); |
|
} |
|
-- |
|
2.36.1 |
|
|
|
|