diff options
Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch')
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch new file mode 100644 index 0000000000..63fda0b600 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch @@ -0,0 +1,59 @@ +From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 14:07:39 +0000 +Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The public API `g_tls_password_set_value_full()` (and the vfunc it +invokes) can only accept a `gssize` length. Ensure that nul-terminated +strings passed to `g_tls_password_set_value()` can’t exceed that length. +Use `g_memdup2()` to avoid an overflow if they’re longer than +`G_MAXUINT` similarly. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/gtlspassword.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c +index 1e437a7b6..dbcec41a8 100644 +--- a/gio/gtlspassword.c ++++ b/gio/gtlspassword.c +@@ -23,6 +23,7 @@ + #include "glibintl.h" + + #include "gioenumtypes.h" ++#include "gstrfuncsprivate.h" + #include "gtlspassword.h" + + #include <string.h> +@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword *password, + g_return_if_fail (G_IS_TLS_PASSWORD (password)); + + if (length < 0) +- length = strlen ((gchar *)value); ++ { ++ /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ ++ gsize length_unsigned = strlen ((gchar *) value); ++ g_return_if_fail (length_unsigned > G_MAXSSIZE); ++ length = (gssize) length_unsigned; ++ } + +- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free); ++ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free); + } + + /** +-- +GitLab + + |