diff options
| author | Mark H Weaver <mhw@netris.org> | 2021-03-11 05:34:28 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2021-03-11 06:21:13 -0500 |
| commit | 21b3b755151028647081fe96d2992b3743531d71 (patch) | |
| tree | 264867809c519a310d1d7de6a8b2d4827816ee70 /gnu/packages/patches/glib-CVE-2021-27219-11.patch | |
| parent | 500189b4d2f1e3a2d4ee8ab73d889e3d8ac70632 (diff) | |
| download | guix-patches-21b3b755151028647081fe96d2992b3743531d71.tar guix-patches-21b3b755151028647081fe96d2992b3743531d71.tar.gz | |
gnu: glib: Fix CVE-2021-27218 and CVE-2021-27219.
* gnu/packages/patches/glib-CVE-2021-27218.patch,
gnu/packages/patches/glib-CVE-2021-27219-01.patch,
gnu/packages/patches/glib-CVE-2021-27219-02.patch,
gnu/packages/patches/glib-CVE-2021-27219-03.patch,
gnu/packages/patches/glib-CVE-2021-27219-04.patch,
gnu/packages/patches/glib-CVE-2021-27219-05.patch,
gnu/packages/patches/glib-CVE-2021-27219-06.patch,
gnu/packages/patches/glib-CVE-2021-27219-07.patch,
gnu/packages/patches/glib-CVE-2021-27219-08.patch,
gnu/packages/patches/glib-CVE-2021-27219-09.patch,
gnu/packages/patches/glib-CVE-2021-27219-10.patch,
gnu/packages/patches/glib-CVE-2021-27219-11.patch,
gnu/packages/patches/glib-CVE-2021-27219-12.patch,
gnu/packages/patches/glib-CVE-2021-27219-13.patch,
gnu/packages/patches/glib-CVE-2021-27219-14.patch,
gnu/packages/patches/glib-CVE-2021-27219-15.patch,
gnu/packages/patches/glib-CVE-2021-27219-16.patch,
gnu/packages/patches/glib-CVE-2021-27219-17.patch,
gnu/packages/patches/glib-CVE-2021-27219-18.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/glib.scm (glib)[replacement]: New field.
(glib/fixed): New variable.
Diffstat (limited to 'gnu/packages/patches/glib-CVE-2021-27219-11.patch')
| -rw-r--r-- | gnu/packages/patches/glib-CVE-2021-27219-11.patch | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/gnu/packages/patches/glib-CVE-2021-27219-11.patch b/gnu/packages/patches/glib-CVE-2021-27219-11.patch new file mode 100644 index 0000000000..4413cb9827 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-11.patch @@ -0,0 +1,57 @@ +From ecdf91400e9a538695a0895b95ad7e8abcdf1749 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 14:09:40 +0000 +Subject: [PATCH 11/11] giochannel: Forbid very long line terminator strings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The public API `GIOChannel.line_term_len` is only a `guint`. Ensure that +nul-terminated strings passed to `g_io_channel_set_line_term()` can’t +exceed that length. Use `g_memdup2()` to avoid a warning (`g_memdup()` +is due to be deprecated), but not to avoid a bug, since it’s also +limited to `G_MAXUINT`. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 +--- + glib/giochannel.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index 15927c391..66c6591f0 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -884,16 +884,25 @@ g_io_channel_set_line_term (GIOChannel *channel, + const gchar *line_term, + gint length) + { ++ guint length_unsigned; ++ + g_return_if_fail (channel != NULL); + g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */ + + if (line_term == NULL) +- length = 0; +- else if (length < 0) +- length = strlen (line_term); ++ length_unsigned = 0; ++ else if (length >= 0) ++ length_unsigned = (guint) length; ++ else ++ { ++ /* FIXME: We’re constrained by line_term_len being a guint here */ ++ gsize length_size = strlen (line_term); ++ g_return_if_fail (length_size > G_MAXUINT); ++ length_unsigned = (guint) length_size; ++ } + + g_free (channel->line_term); +- channel->line_term = line_term ? g_memdup2 (line_term, length) : NULL; ++ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL; + channel->line_term_len = length; + } + +-- +2.30.1 + |