summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-oe/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch')
-rw-r--r--meta-oe/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch74
1 files changed, 74 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch
new file mode 100644
index 0000000000..d75594bb4f
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch
@@ -0,0 +1,74 @@
1From 52c5859b82fe79f2c32d883e048d218e0d7f2182 Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Wed, 30 Apr 2025 14:59:55 +0800
4Subject: [PATCH] CVE-2025-32911
5
6CVE: CVE-2025-32911 CVE-2025-32913
7Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/422/commits]
8
9Signed-off-by: Changqing Li <changqing.li@windriver.com>
10---
11 libsoup/soup-message-headers.c | 13 +++++++++----
12 tests/header-parsing-test.c | 15 +++++++++++++++
13 2 files changed, 24 insertions(+), 4 deletions(-)
14
15diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
16index 39ad14a..78b2455 100644
17--- a/libsoup/soup-message-headers.c
18+++ b/libsoup/soup-message-headers.c
19@@ -1454,10 +1454,15 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders *hdrs,
20 */
21 if (params && g_hash_table_lookup_extended (*params, "filename",
22 &orig_key, &orig_value)) {
23- char *filename = strrchr (orig_value, '/');
24-
25- if (filename)
26- g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
27+ if (orig_value) {
28+ char *filename = strrchr (orig_value, '/');
29+
30+ if (filename)
31+ g_hash_table_insert (*params, g_strdup (orig_key), g_strdup(filename + 1));
32+ } else {
33+ /* filename with no value isn't valid. */
34+ g_hash_table_remove (*params, "filename");
35+ }
36 }
37 return TRUE;
38 }
39diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
40index 946f118..752196e 100644
41--- a/tests/header-parsing-test.c
42+++ b/tests/header-parsing-test.c
43@@ -1034,6 +1034,7 @@ do_param_list_tests (void)
44 #define RFC5987_TEST_HEADER_FALLBACK "attachment; filename*=Unknown''t%FF%FF%FFst.txt; filename=\"test.txt\""
45 #define RFC5987_TEST_HEADER_NO_TYPE "filename=\"test.txt\""
46 #define RFC5987_TEST_HEADER_NO_TYPE_2 "filename=\"test.txt\"; foo=bar"
47+#define RFC5987_TEST_HEADER_EMPTY_FILENAME ";filename"
48
49 static void
50 do_content_disposition_tests (void)
51@@ -1133,6 +1134,20 @@ do_content_disposition_tests (void)
52 g_assert_cmpstr (filename, ==, RFC5987_TEST_FALLBACK_FILENAME);
53 parameter2 = g_hash_table_lookup (params, "foo");
54 g_assert_cmpstr (parameter2, ==, "bar");
55+ g_hash_table_destroy (params);
56+
57+ /* Empty filename */
58+ soup_message_headers_clear (hdrs);
59+ soup_message_headers_append (hdrs, "Content-Disposition",
60+ RFC5987_TEST_HEADER_EMPTY_FILENAME);
61+ if (!soup_message_headers_get_content_disposition (hdrs,
62+ &disposition,
63+ &params)) {
64+ soup_test_assert (FALSE, "empty filename decoding FAILED");
65+ return;
66+ }
67+ g_free (disposition);
68+ g_assert_false (g_hash_table_contains (params, "filename"));
69 g_hash_table_destroy (params);
70
71 soup_message_headers_free (hdrs);
72--
732.34.1
74