1 files changed, 34 insertions, 0 deletions

diff --git a/backport-acl_copy_entry-Prevent-accidental-NULL-pointer-deref.patch b/backport-acl_copy_entry-Prevent-accidental-NULL-pointer-deref.patch
new file mode 100644
index 0000000..e3a2f3d
--- /dev/null
+++ b/backport-acl_copy_entry-Prevent-accidental-NULL-pointer-deref.patch
@@ -0,0 +1,34 @@
+From 4b7672d6fbfb9ef8a0b81f285b74aa299185aa83 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruenba@redhat.com>
+Date: Mon, 24 Jun 2024 12:41:04 +0200
+Subject: [PATCH] acl_copy_entry: Prevent accidental NULL pointer dereference
+
+In acl_copy_entry(), when dest_d turns out to be invalid, dest_p will be
+NULL.  Instead of checking for that, we are accidentally checking if
+dest_d is NULL.  As a result, when called with an invalid dest_d object,
+acl_copy_entry() will cause a NULL pointer dereference instead of
+indicating an error.  This is a relatively minor problem, but worth
+fixing nonetheless.
+
+Reported-by: His Shadow <shadowpilot34@gmail.com>
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+---
+ libacl/acl_copy_entry.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libacl/acl_copy_entry.c b/libacl/acl_copy_entry.c
+index f9c90c7..e92580c 100644
+--- a/libacl/acl_copy_entry.c
++++ b/libacl/acl_copy_entry.c
+@@ -28,7 +28,7 @@ acl_copy_entry(acl_entry_t dest_d, acl_entry_t src_d)
+ {
+ 	acl_entry_obj *dest_p = ext2int(acl_entry, dest_d),
+ 	               *src_p = ext2int(acl_entry,  src_d);
+-	if (!dest_d || !src_p)
++	if (!dest_p || !src_p)
+ 		return -1;
+ 
+ 	dest_p->etag  = src_p->etag;
+-- 
+2.33.0
+