guix/gnu/packages/patches/glib-CVE-2021-27219-10.patch

From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 14:07:39 +0000
Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The public API `g_tls_password_set_value_full()` (and the vfunc it
invokes) can only accept a `gssize` length. Ensure that nul-terminated
strings passed to `g_tls_password_set_value()` can’t exceed that length.
Use `g_memdup2()` to avoid an overflow if they’re longer than
`G_MAXUINT` similarly.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
 gio/gtlspassword.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
index 1e437a7b6..dbcec41a8 100644
--- a/gio/gtlspassword.c
+++ b/gio/gtlspassword.c
@@ -23,6 +23,7 @@
 #include "glibintl.h"
 
 #include "gioenumtypes.h"
+#include "gstrfuncsprivate.h"
 #include "gtlspassword.h"
 
 #include <string.h>
@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword  *password,
   g_return_if_fail (G_IS_TLS_PASSWORD (password));
 
   if (length < 0)
-    length = strlen ((gchar *)value);
+    {
+      /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */
+      gsize length_unsigned = strlen ((gchar *) value);
+      g_return_if_fail (length_unsigned > G_MAXSSIZE);
+      length = (gssize) length_unsigned;
+    }
 
-  g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
+  g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
 }
 
 /**
-- 
2.30.1
-												gnu: glib: Fix CVE-2021-27218 and CVE-2021-27219.

* gnu/packages/patches/glib-CVE-2021-27218.patch,
gnu/packages/patches/glib-CVE-2021-27219-01.patch,
gnu/packages/patches/glib-CVE-2021-27219-02.patch,
gnu/packages/patches/glib-CVE-2021-27219-03.patch,
gnu/packages/patches/glib-CVE-2021-27219-04.patch,
gnu/packages/patches/glib-CVE-2021-27219-05.patch,
gnu/packages/patches/glib-CVE-2021-27219-06.patch,
gnu/packages/patches/glib-CVE-2021-27219-07.patch,
gnu/packages/patches/glib-CVE-2021-27219-08.patch,
gnu/packages/patches/glib-CVE-2021-27219-09.patch,
gnu/packages/patches/glib-CVE-2021-27219-10.patch,
gnu/packages/patches/glib-CVE-2021-27219-11.patch,
gnu/packages/patches/glib-CVE-2021-27219-12.patch,
gnu/packages/patches/glib-CVE-2021-27219-13.patch,
gnu/packages/patches/glib-CVE-2021-27219-14.patch,
gnu/packages/patches/glib-CVE-2021-27219-15.patch,
gnu/packages/patches/glib-CVE-2021-27219-16.patch,
gnu/packages/patches/glib-CVE-2021-27219-17.patch,
gnu/packages/patches/glib-CVE-2021-27219-18.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/glib.scm (glib)[replacement]: New field.
(glib/fixed): New variable.

											
										
										
											2021-03-11 05:34:28 -05:00
+								From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001
 								From: Philip Withnall <pwithnall@endlessos.org>
 								Date: Thu, 4 Feb 2021 14:07:39 +0000
 								Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords
 								MIME-Version: 1.0
 								Content-Type: text/plain; charset=UTF-8
 								Content-Transfer-Encoding: 8bit
 								The public API `g_tls_password_set_value_full()` (and the vfunc it
 								invokes) can only accept a `gssize` length. Ensure that nul-terminated
 								strings passed to `g_tls_password_set_value()` can’t exceed that length.
 								Use `g_memdup2()` to avoid an overflow if they’re longer than
 								`G_MAXUINT` similarly.
 								Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
 								Helps: #2319
 								---
 								 gio/gtlspassword.c | 10 ++++++++--
 file changed, 8 insertions(+), 2 deletions(-)
 								diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
 								index 1e437a7b6..dbcec41a8 100644
 								--- a/gio/gtlspassword.c
 								+++ b/gio/gtlspassword.c
@@ -23,6 +23,7 @@
 								 #include "glibintl.h"
 								 #include "gioenumtypes.h"
 								+#include "gstrfuncsprivate.h"
 								 #include "gtlspassword.h"
 								 #include <string.h>
@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword  *password,
 								   g_return_if_fail (G_IS_TLS_PASSWORD (password));
 								   if (length < 0)
 								-    length = strlen ((gchar *)value);
 								+    {
 								+      /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */
 								+      gsize length_unsigned = strlen ((gchar *) value);
 								+      g_return_if_fail (length_unsigned > G_MAXSSIZE);
 								+      length = (gssize) length_unsigned;
 								+    }
 								-  g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
 								+  g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
 								 }
 								 /**
 								--
 .30.1