guix/gnu/packages/patches/glib-CVE-2021-27219-15.patch

From 3d1550354c3c6a8491c39881752d51cb7515f2c2 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 8 Feb 2021 10:22:39 +0000
Subject: [PATCH 5/5] tls-interaction: Add test coverage for various ways to
 set the password

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit df4501316ca3903072400504a5ea76498db19538)
---
 gio/tests/tls-interaction.c | 55 +++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c
index 4f0737d7e..5661e8e0d 100644
--- a/gio/tests/tls-interaction.c
+++ b/gio/tests/tls-interaction.c
@@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction    *interaction,
 }
 
 
+/* Return a copy of @str that is allocated in a silly way, to exercise
+ * custom free-functions. The returned pointer points to a copy of @str
+ * in a buffer of the form "BEFORE \0 str \0 AFTER". */
+static guchar *
+special_dup (const char *str)
+{
+  GString *buf = g_string_new ("BEFORE");
+  guchar *ret;
+
+  g_string_append_c (buf, '\0');
+  g_string_append (buf, str);
+  g_string_append_c (buf, '\0');
+  g_string_append (buf, "AFTER");
+  ret = (guchar *) g_string_free (buf, FALSE);
+  return ret + strlen ("BEFORE") + 1;
+}
+
+
+/* Free a copy of @str that was made with special_dup(), after asserting
+ * that it has not been corrupted. */
+static void
+special_free (gpointer p)
+{
+  gchar *s = p;
+  gchar *buf = s - strlen ("BEFORE") - 1;
+
+  g_assert_cmpstr (buf, ==, "BEFORE");
+  g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER");
+  g_free (buf);
+}
+
+
 static GTlsInteractionResult
 test_interaction_ask_password_sync_success (GTlsInteraction    *interaction,
                                             GTlsPassword       *password,
@@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction    *interaction,
                                             GError            **error)
 {
   TestInteraction *self;
+  const guchar *value;
+  gsize len;
 
   g_assert (TEST_IS_INTERACTION (interaction));
   self = TEST_INTERACTION (interaction);
@@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction    *interaction,
   g_assert (error != NULL);
   g_assert (*error == NULL);
 
+  /* Exercise different ways to set the value */
+  g_tls_password_set_value (password, (const guchar *) "foo", 4);
+  len = 0;
+  value = g_tls_password_get_value (password, &len);
+  g_assert_cmpmem (value, len, "foo", 4);
+
+  g_tls_password_set_value (password, (const guchar *) "bar", -1);
+  len = 0;
+  value = g_tls_password_get_value (password, &len);
+  g_assert_cmpmem (value, len, "bar", 3);
+
+  g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free);
+  len = 0;
+  value = g_tls_password_get_value (password, &len);
+  g_assert_cmpmem (value, len, "baa", 4);
+
+  g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free);
+  len = 0;
+  value = g_tls_password_get_value (password, &len);
+  g_assert_cmpmem (value, len, "baz", 3);
+
   /* Don't do this in real life. Include a null terminator for testing */
   g_tls_password_set_value (password, (const guchar *)"the password", 13);
   return G_TLS_INTERACTION_HANDLED;
-- 
2.30.1
gnu: glib: Fix CVE-2021-27218 and CVE-2021-27219. * gnu/packages/patches/glib-CVE-2021-27218.patch, gnu/packages/patches/glib-CVE-2021-27219-01.patch, gnu/packages/patches/glib-CVE-2021-27219-02.patch, gnu/packages/patches/glib-CVE-2021-27219-03.patch, gnu/packages/patches/glib-CVE-2021-27219-04.patch, gnu/packages/patches/glib-CVE-2021-27219-05.patch, gnu/packages/patches/glib-CVE-2021-27219-06.patch, gnu/packages/patches/glib-CVE-2021-27219-07.patch, gnu/packages/patches/glib-CVE-2021-27219-08.patch, gnu/packages/patches/glib-CVE-2021-27219-09.patch, gnu/packages/patches/glib-CVE-2021-27219-10.patch, gnu/packages/patches/glib-CVE-2021-27219-11.patch, gnu/packages/patches/glib-CVE-2021-27219-12.patch, gnu/packages/patches/glib-CVE-2021-27219-13.patch, gnu/packages/patches/glib-CVE-2021-27219-14.patch, gnu/packages/patches/glib-CVE-2021-27219-15.patch, gnu/packages/patches/glib-CVE-2021-27219-16.patch, gnu/packages/patches/glib-CVE-2021-27219-17.patch, gnu/packages/patches/glib-CVE-2021-27219-18.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/glib.scm (glib)[replacement]: New field. (glib/fixed): New variable. 2021-03-11 05:34:28 -05:00			`From 3d1550354c3c6a8491c39881752d51cb7515f2c2 Mon Sep 17 00:00:00 2001`
			`From: Simon McVittie <smcv@collabora.com>`
			`Date: Mon, 8 Feb 2021 10:22:39 +0000`
			`Subject: [PATCH 5/5] tls-interaction: Add test coverage for various ways to`
			`set the password`

			`Signed-off-by: Simon McVittie <smcv@collabora.com>`
			`(cherry picked from commit df4501316ca3903072400504a5ea76498db19538)`
			`---`
			`gio/tests/tls-interaction.c \| 55 +++++++++++++++++++++++++++++++++++++`
			`1 file changed, 55 insertions(+)`

			`diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c`
			`index 4f0737d7e..5661e8e0d 100644`
			`--- a/gio/tests/tls-interaction.c`
			`+++ b/gio/tests/tls-interaction.c`
			`@@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction *interaction,`
			`}`


			`+/* Return a copy of @str that is allocated in a silly way, to exercise`
			`+ * custom free-functions. The returned pointer points to a copy of @str`
			`+ * in a buffer of the form "BEFORE \0 str \0 AFTER". */`
			`+static guchar *`
			`+special_dup (const char *str)`
			`+{`
			`+ GString *buf = g_string_new ("BEFORE");`
			`+ guchar *ret;`
			`+`
			`+ g_string_append_c (buf, '\0');`
			`+ g_string_append (buf, str);`
			`+ g_string_append_c (buf, '\0');`
			`+ g_string_append (buf, "AFTER");`
			`+ ret = (guchar *) g_string_free (buf, FALSE);`
			`+ return ret + strlen ("BEFORE") + 1;`
			`+}`
			`+`
			`+`
			`+/* Free a copy of @str that was made with special_dup(), after asserting`
			`+ * that it has not been corrupted. */`
			`+static void`
			`+special_free (gpointer p)`
			`+{`
			`+ gchar *s = p;`
			`+ gchar *buf = s - strlen ("BEFORE") - 1;`
			`+`
			`+ g_assert_cmpstr (buf, ==, "BEFORE");`
			`+ g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER");`
			`+ g_free (buf);`
			`+}`
			`+`
			`+`
			`static GTlsInteractionResult`
			`test_interaction_ask_password_sync_success (GTlsInteraction *interaction,`
			`GTlsPassword *password,`
			`@@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction,`
			`GError **error)`
			`{`
			`TestInteraction *self;`
			`+ const guchar *value;`
			`+ gsize len;`

			`g_assert (TEST_IS_INTERACTION (interaction));`
			`self = TEST_INTERACTION (interaction);`
			`@@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction,`
			`g_assert (error != NULL);`
			`g_assert (*error == NULL);`

			`+ /* Exercise different ways to set the value */`
			`+ g_tls_password_set_value (password, (const guchar *) "foo", 4);`
			`+ len = 0;`
			`+ value = g_tls_password_get_value (password, &len);`
			`+ g_assert_cmpmem (value, len, "foo", 4);`
			`+`
			`+ g_tls_password_set_value (password, (const guchar *) "bar", -1);`
			`+ len = 0;`
			`+ value = g_tls_password_get_value (password, &len);`
			`+ g_assert_cmpmem (value, len, "bar", 3);`
			`+`
			`+ g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free);`
			`+ len = 0;`
			`+ value = g_tls_password_get_value (password, &len);`
			`+ g_assert_cmpmem (value, len, "baa", 4);`
			`+`
			`+ g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free);`
			`+ len = 0;`
			`+ value = g_tls_password_get_value (password, &len);`
			`+ g_assert_cmpmem (value, len, "baz", 3);`
			`+`
			`/* Don't do this in real life. Include a null terminator for testing */`
			`g_tls_password_set_value (password, (const guchar *)"the password", 13);`
			`return G_TLS_INTERACTION_HANDLED;`
			`--`
			`2.30.1`