guix/gnu/packages/patches/glib-CVE-2021-27219-17.patch

From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 10 Feb 2021 21:19:30 +0000
Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group
 names

These should never have been allowed; they will result in precondition
failures from the `GKeyFile` later on in the code.

A test will be added for this shortly.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
---
 gio/gkeyfilesettingsbackend.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
index 861c3a661..de216e615 100644
--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend  *kfsb,
 
   last_slash = strrchr (key, '/');
 
+  /* Disallow empty group names or key names */
+  if (key_len == 0 ||
+      (last_slash != NULL &&
+       (*(last_slash + 1) == '\0' ||
+        last_slash == key)))
+    return FALSE;
+
   if (kfsb->root_group)
     {
       /* if a root_group was specified, make sure the user hasn't given
-- 
2.30.1
gnu: glib: Fix CVE-2021-27218 and CVE-2021-27219. * gnu/packages/patches/glib-CVE-2021-27218.patch, gnu/packages/patches/glib-CVE-2021-27219-01.patch, gnu/packages/patches/glib-CVE-2021-27219-02.patch, gnu/packages/patches/glib-CVE-2021-27219-03.patch, gnu/packages/patches/glib-CVE-2021-27219-04.patch, gnu/packages/patches/glib-CVE-2021-27219-05.patch, gnu/packages/patches/glib-CVE-2021-27219-06.patch, gnu/packages/patches/glib-CVE-2021-27219-07.patch, gnu/packages/patches/glib-CVE-2021-27219-08.patch, gnu/packages/patches/glib-CVE-2021-27219-09.patch, gnu/packages/patches/glib-CVE-2021-27219-10.patch, gnu/packages/patches/glib-CVE-2021-27219-11.patch, gnu/packages/patches/glib-CVE-2021-27219-12.patch, gnu/packages/patches/glib-CVE-2021-27219-13.patch, gnu/packages/patches/glib-CVE-2021-27219-14.patch, gnu/packages/patches/glib-CVE-2021-27219-15.patch, gnu/packages/patches/glib-CVE-2021-27219-16.patch, gnu/packages/patches/glib-CVE-2021-27219-17.patch, gnu/packages/patches/glib-CVE-2021-27219-18.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/glib.scm (glib)[replacement]: New field. (glib/fixed): New variable. 2021-03-11 05:34:28 -05:00			`From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001`
			`From: Philip Withnall <pwithnall@endlessos.org>`
			`Date: Wed, 10 Feb 2021 21:19:30 +0000`
			`Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group`
			`names`

			`These should never have been allowed; they will result in precondition`
			failures from the `GKeyFile` later on in the code.

			`A test will be added for this shortly.`

			`Signed-off-by: Philip Withnall <pwithnall@endlessos.org>`
			`---`
			`gio/gkeyfilesettingsbackend.c \| 7 +++++++`
			`1 file changed, 7 insertions(+)`

			`diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c`
			`index 861c3a661..de216e615 100644`
			`--- a/gio/gkeyfilesettingsbackend.c`
			`+++ b/gio/gkeyfilesettingsbackend.c`
			`@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb,`

			`last_slash = strrchr (key, '/');`

			`+ /* Disallow empty group names or key names */`
			`+ if (key_len == 0 \|\|`
			`+ (last_slash != NULL &&`
			`+ (*(last_slash + 1) == '\0' \|\|`
			`+ last_slash == key)))`
			`+ return FALSE;`
			`+`
			`if (kfsb->root_group)`
			`{`
			`/* if a root_group was specified, make sure the user hasn't given`
			`--`
			`2.30.1`