cve-toolkit

CVE helper toolkit
git clone git://git.finwo.net/app/cve-toolkit
Log | Files | Refs | README | LICENSE
commit 30b77f265e04a56a6a95882920d7a61e47c1f1d4
parent 65147ad552817d1972305202052ef04cc1d79040
Author: finwo <finwo@pm.me>
Date:   Sat,  9 May 2026 02:00:20 +0200

Add cve alias support

Diffstat:

Msrc/detector/cve-2026-31431.c | 2+-


Msrc/detector/cve-2026-43284.c | 2+-


Msrc/detector/setup.c | 4+++-


Msrc/detector/setup.h | 4+++-


Msrc/main.c | 3+++


5 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/detector/cve-2026-31431.c b/src/detector/cve-2026-31431.c
@@ -29,7 +29,7 @@ int detector_cve_2026_31431(struct cve_context *ctx) {
 }
 
 __attribute__((constructor)) void detector_cve_2026_31431_setup() {
-  detector_queue_append("CVE-2026-31431",
+  detector_queue_append("CVE-2026-31431", "CopyFail",
                         "Add 'initcall_blacklist=algif_aead_init' to the Linux kernel cmdline.\n  For GRUB, add it to "
                         "GRUB_CMDLINE_LINUX in /etc/default/grub and run update-grub.",
                         detector_cve_2026_31431);
diff --git a/src/detector/cve-2026-43284.c b/src/detector/cve-2026-43284.c
@@ -2298,7 +2298,7 @@ int detector_cve_2026_43284(struct cve_context *ctx) {
 }
 
 __attribute__((constructor)) void detector_cve_2026_43284_setup(void) {
-  detector_queue_append("CVE-2026-43284",
+  detector_queue_append("CVE-2026-43284", "DirtyFrag",
                         "Dirty Frag (xfrm-ESP Page-Cache Write): "
                         "Run the following to blacklist vulnerable modules:\n"
                         "  sh -c \"printf 'install esp4 /bin/false\\ninstall esp6 /bin/false\\n"
diff --git a/src/detector/setup.c b/src/detector/setup.c
@@ -12,7 +12,8 @@ int detector_fail  = 0;
 
 struct cve_context g_cve_ctx = {0};
 
-void detector_queue_append(const char *name, const char *remediation, int (*fn)(struct cve_context *ctx)) {
+void detector_queue_append(const char *name, const char *alias, const char *remediation,
+                           int (*fn)(struct cve_context *ctx)) {
   // Initial queue initialize
   if (!detector_queue_cap) {
     detector_queue     = malloc(sizeof(void *));
@@ -29,6 +30,7 @@ void detector_queue_append(const char *name, const char *remediation, int (*fn)(
   struct detector_queue_entry *entry = calloc(1, sizeof(struct detector_queue_entry));
   entry->handler                     = fn;
   entry->name                        = name;
+  entry->alias                       = alias;
   entry->remediation                 = remediation;
 
   // Append fn to queue
diff --git a/src/detector/setup.h b/src/detector/setup.h
@@ -17,6 +17,7 @@ struct detector_queue_entry {
   int (*handler)(struct cve_context *ctx);
   const char *name;
   const char *remediation;
+  const char *alias;
   int         result;
 };
 
@@ -27,7 +28,8 @@ extern int                           detector_total;
 extern int                           detector_pass;
 extern int                           detector_fail;
 
-void detector_queue_append(const char *name, const char *remediation, int (*fn)(struct cve_context *ctx));
+void detector_queue_append(const char *name, const char *alias, const char *remediation,
+                           int (*fn)(struct cve_context *ctx));
 
 #ifdef __cplusplus
 }  // extern "C"
diff --git a/src/main.c b/src/main.c
@@ -55,6 +55,9 @@ int main(int argc, char **argv) {
       fprintf(stderr, "\n");
       fprintf(stdout, "%s", entry->name);
       fprintf(stderr, ":");
+      if (entry->alias) {
+        fprintf(stderr, " %s", entry->alias);
+      }
       fprintf(stdout, "\n");
       if (entry->remediation) {
         fprintf(stderr, "  %s\n", entry->remediation);