Diffstat (limited to 'meta-oe/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch')
-rw-r--r-- | meta-oe/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch | 74 |
1 files changed, 74 insertions, 0 deletions
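--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch
@@ -0,0 +1,74 @@
+From 52c5859b82fe79f2c32d883e048d218e0d7f2182 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 30 Apr 2025 14:59:55 +0800
+Subject: [PATCH] CVE-2025-32911
+
+CVE: CVE-2025-32911 CVE-2025-32913
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/422/commits]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+libsoup/soup-message-headers.c | 13 +++++++++----
+tests/header-parsing-test.c | 15 +++++++++++++++
+2 files changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 39ad14a..78b2455 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1454,10 +1454,15 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders *hdrs,
+*/
+if (params && g_hash_table_lookup_extended (*params, "filename",
+&orig_key, &orig_value)) {
+- char *filename = strrchr (orig_value, '/');
+-
+- if (filename)
+- g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++ if (orig_value) {
++ char *filename = strrchr (orig_value, '/');
++
++ if (filename)
++ g_hash_table_insert (*params, g_strdup (orig_key), g_strdup(filename + 1));
++ } else {
++ /* filename with no value isn't valid. */
++ g_hash_table_remove (*params, "filename");
++ }
+}
+return TRUE;
+}
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 946f118..752196e 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -1034,6 +1034,7 @@ do_param_list_tests (void)
+#define RFC5987_TEST_HEADER_FALLBACK "attachment; filename*=Unknown''t%FF%FF%FFst.txt; filename=\"test.txt\""
+#define RFC5987_TEST_HEADER_NO_TYPE "filename=\"test.txt\""
+#define RFC5987_TEST_HEADER_NO_TYPE_2 "filename=\"test.txt\"; foo=bar"
++#define RFC5987_TEST_HEADER_EMPTY_FILENAME ";filename"
+
+static void
+do_content_disposition_tests (void)
+@@ -1133,6 +1134,20 @@ do_content_disposition_tests (void)
+g_assert_cmpstr (filename, ==, RFC5987_TEST_FALLBACK_FILENAME);
+parameter2 = g_hash_table_lookup (params, "foo");
+g_assert_cmpstr (parameter2, ==, "bar");
++ g_hash_table_destroy (params);
++
++ /* Empty filename */
++ soup_message_headers_clear (hdrs);
++ soup_message_headers_append (hdrs, "Content-Disposition",
++ RFC5987_TEST_HEADER_EMPTY_FILENAME);
++ if (!soup_message_headers_get_content_disposition (hdrs,
++ &disposition,
++ ¶ms)) {
++ soup_test_assert (FALSE, "empty filename decoding FAILED");
++ return;
++ }
++ g_free (disposition);
++ g_assert_false (g_hash_table_contains (params, "filename"));
+g_hash_table_destroy (params);
+
+soup_message_headers_free (hdrs);
+--
+2.34.1
+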
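Review bot: The embedded patch header names only CVE-2025-32911 in its subject and carries no description, although its `CVE:` tag also lists CVE-2025-32913 and the hunk in `soup_message_headers_get_content_disposition` makes two separate changes: a NULL check on `orig_value` before `strrchr`, and `g_strdup(filename + 1)` in place of inserting a pointer into the existing value. I would add a short body under the subject saying which change addresses which CVE, for example `Copy the basename before inserting it into params, and drop a filename parameter that has no value.` The added test covers only the valueless `;filename` header; whether an existing case exercises a filename containing `/` is not visible here, so coverage of the copied-basename path is worth confirming. Callers should still treat the returned filename as untrusted, because the text after the last `/` can be empty or `..`.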