guix/gnu/packages/patches/glib-CVE-2021-27219-16.patch

From cb9ee701ef46c1819eed4e2a4dc181682bdfc176 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 10 Feb 2021 21:16:39 +0000
Subject: [PATCH 1/3] gkeyfilesettingsbackend: Fix basename handling when group
 is unset

Fix an effective regression in commit
7781a9cbd2fd0aa84bee0f4eee88470640ff6706, which happens when
`convert_path()` is called with a `key` which contains no slashes. In
that case, the `key` is entirely the `basename`.

Prior to commit 7781a9cb, the code worked through a fluke of `i == -1`
cancelling out with the various additions in the `g_memdup()` call, and
effectively resulting in `g_strdup (key)`.

Spotted by Guido Berhoerster.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
---
 gio/gkeyfilesettingsbackend.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
index 25b057672..861c3a661 100644
--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
@@ -185,7 +185,12 @@ convert_path (GKeyfileSettingsBackend  *kfsb,
     }
 
   if (basename)
-    *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
+    {
+      if (last_slash != NULL)
+        *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
+      else
+        *basename = g_strdup (key);
+    }
 
   return TRUE;
 }
-- 
2.30.1
gnu: glib: Fix CVE-2021-27218 and CVE-2021-27219. * gnu/packages/patches/glib-CVE-2021-27218.patch, gnu/packages/patches/glib-CVE-2021-27219-01.patch, gnu/packages/patches/glib-CVE-2021-27219-02.patch, gnu/packages/patches/glib-CVE-2021-27219-03.patch, gnu/packages/patches/glib-CVE-2021-27219-04.patch, gnu/packages/patches/glib-CVE-2021-27219-05.patch, gnu/packages/patches/glib-CVE-2021-27219-06.patch, gnu/packages/patches/glib-CVE-2021-27219-07.patch, gnu/packages/patches/glib-CVE-2021-27219-08.patch, gnu/packages/patches/glib-CVE-2021-27219-09.patch, gnu/packages/patches/glib-CVE-2021-27219-10.patch, gnu/packages/patches/glib-CVE-2021-27219-11.patch, gnu/packages/patches/glib-CVE-2021-27219-12.patch, gnu/packages/patches/glib-CVE-2021-27219-13.patch, gnu/packages/patches/glib-CVE-2021-27219-14.patch, gnu/packages/patches/glib-CVE-2021-27219-15.patch, gnu/packages/patches/glib-CVE-2021-27219-16.patch, gnu/packages/patches/glib-CVE-2021-27219-17.patch, gnu/packages/patches/glib-CVE-2021-27219-18.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/glib.scm (glib)[replacement]: New field. (glib/fixed): New variable. 2021-03-11 05:34:28 -05:00			`From cb9ee701ef46c1819eed4e2a4dc181682bdfc176 Mon Sep 17 00:00:00 2001`
			`From: Philip Withnall <pwithnall@endlessos.org>`
			`Date: Wed, 10 Feb 2021 21:16:39 +0000`
			`Subject: [PATCH 1/3] gkeyfilesettingsbackend: Fix basename handling when group`
			`is unset`

			`Fix an effective regression in commit`
			`7781a9cbd2fd0aa84bee0f4eee88470640ff6706, which happens when`
			`convert_path()` is called with a `key` which contains no slashes. In
			that case, the `key` is entirely the `basename`.

			Prior to commit 7781a9cb, the code worked through a fluke of `i == -1`
			cancelling out with the various additions in the `g_memdup()` call, and
			effectively resulting in `g_strdup (key)`.

			`Spotted by Guido Berhoerster.`

			`Signed-off-by: Philip Withnall <pwithnall@endlessos.org>`
			`---`
			`gio/gkeyfilesettingsbackend.c \| 7 ++++++-`
			`1 file changed, 6 insertions(+), 1 deletion(-)`

			`diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c`
			`index 25b057672..861c3a661 100644`
			`--- a/gio/gkeyfilesettingsbackend.c`
			`+++ b/gio/gkeyfilesettingsbackend.c`
			`@@ -185,7 +185,12 @@ convert_path (GKeyfileSettingsBackend *kfsb,`
			`}`

			`if (basename)`
			`- *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));`
			`+ {`
			`+ if (last_slash != NULL)`
			`+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));`
			`+ else`
			`+ *basename = g_strdup (key);`
			`+ }`

			`return TRUE;`
			`}`
			`--`
			`2.30.1`