mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-02-01 01:15:19 +00:00
8dfb12cb77
The refactor of 'udevListInterfacesByStatus()' which attempted to make it usable as backend for 'udevNumOfInterfacesByStatus()' neglected to consider the corner case of 'g_new0(..., 0)' returning NULL if the user actually requests 0 elements. As the code was modified to report the full number of interfaces in the system when the list of names is NULL, the RPC code would be asked to serialize a NULL-list of interface names with declared lenth of 1+ causing a crash. To fix this corner case we make callers pass '-1' as @names_len (it's conveniently an 'int' due to RPC type usage) if they don't wish to fetch the actual list and convert all decisions to be done on @names_len being non-negative instead of @names being non-NULL. CVE-2024-8235 Fixes: bc596f275129bc11b2c4bcf737d380c9e8aeb72d Resolves: https://issues.redhat.com/browse/RHEL-55373 Reported-by: Yanqiu Zhang <yanqzhan@redhat.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>