diff options
| author | Anatol Belski <anbelski@linux.microsoft.com> | 2021-02-03 08:42:57 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-02-10 23:55:53 +0000 |
| commit | afc3d8d3cb351944b7a346bfa4acd81d2c30fbf9 (patch) | |
| tree | 7f0afa444695a7f636d8846c3a3a5f5b6ca83860 /meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch | |
| parent | 8db324f171d6f2d1c8952effacea08c56a0fbe81 (diff) | |
| download | poky-afc3d8d3cb351944b7a346bfa4acd81d2c30fbf9.tar.gz | |
glib-2.0: Rename patch file for CVE-2020-35457
The naming convention needs to be help so the CVE is recognized as
fixed by the tooling.
(From OE-Core rev: abfcabb070ef133f9b76c08b044a9fccd474b7ca)
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch')
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch new file mode 100644 index 0000000000..17dcada613 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch | |||
| @@ -0,0 +1,41 @@ | |||
| 1 | From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Philip Withnall <withnall@endlessm.com> | ||
| 3 | Date: Wed, 2 Sep 2020 12:38:09 +0100 | ||
| 4 | Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list | ||
| 5 | overflow | ||
| 6 | MIME-Version: 1.0 | ||
| 7 | Content-Type: text/plain; charset=UTF-8 | ||
| 8 | Content-Transfer-Encoding: 8bit | ||
| 9 | |||
| 10 | If the calling code adds more option entries than `G_MAXSIZE` then | ||
| 11 | there’ll be an integer overflow. This seems vanishingly unlikely (given | ||
| 12 | that all callers use static option entry lists), but add a precondition | ||
| 13 | anyway. | ||
| 14 | |||
| 15 | Signed-off-by: Philip Withnall <withnall@endlessm.com> | ||
| 16 | |||
| 17 | Fixes: #2197 | ||
| 18 | --- | ||
| 19 | glib/goption.c | 2 ++ | ||
| 20 | 1 file changed, 2 insertions(+) | ||
| 21 | |||
| 22 | CVE: CVE-2020-35457 | ||
| 23 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d] | ||
| 24 | Comment: adjusted offset by -5 to fix patch fuzz warning | ||
| 25 | |||
| 26 | diff --git a/glib/goption.c b/glib/goption.c | ||
| 27 | index 9f5b977c4..bb9093a33 100644 | ||
| 28 | --- a/glib/goption.c | ||
| 29 | +++ b/glib/goption.c | ||
| 30 | @@ -2417,6 +2417,8 @@ g_option_group_add_entries (GOptionGroup *group, | ||
| 31 | |||
| 32 | for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ; | ||
| 33 | |||
| 34 | + g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries); | ||
| 35 | + | ||
| 36 | group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries); | ||
| 37 | |||
| 38 | /* group->entries could be NULL in the trivial case where we add no | ||
| 39 | -- | ||
| 40 | 2.20.1 | ||
| 41 | |||