author | Siddharth Doshi <sdoshi@mvista.com> | 2023-10-15 21:00:39 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-10-20 05:35:30 -1000 |
commit | aa99487732ab1ae453becdda08a3e72de0b7b269 (patch) | |
tree | 4e116f258212e3f01bcc04c3f1882916252b4cdf /meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0009.patch | |
parent | 8ae21cd487a6147c3a2c9c2c0f0b2d5d149b7caf (diff) | |
glib-2.0: Fix multiple vulnerabilities
CVEs fixed:
CVE-2023-29499: glib: GVariant offset table entry size is not checked in is_normal()
CVE-2023-32611: glib: g_variant_byteswap() can take a long time with some non-normal inputs
CVE-2023-32636: glib: Timeout in fuzz_variant_text
CVE-2023-32643: glib: Heap-buffer-overflow in g_variant_serialised_get_child
CVE-2023-32665: glib: GVariant deserialisation does not match spec for non-normal data
(From OE-Core rev: b576beba80d44e67762d46bf3bc2f14c05bc0f6b)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0009.patch')
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0009.patch | 97 |
1 files changed, 97 insertions, 0 deletions
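diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0009.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0009.patch
new file mode 100644
index 0000000000..a523e60b91
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0009.patch
@@ -0,0 +1,97 @@
+From 298a537d5f6783e55d87e40011ee3fd3b22b72f9 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Thu, 17 Aug 2023 01:39:01 +0000
+Subject: [PATCH] gvariant: Zero-initialise various GVariantSerialised objects
+
+The following few commits will add a couple of new fields to
+`GVariantSerialised`, and they should be zero-filled by default.
+
+Try and pre-empt that a bit by zero-filling `GVariantSerialised` by
+default in a few places.
+
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+
+Helps: #2121
+
+CVE: CVE-2023-32665
+Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/glib/-/commit/298a537d5f6783e55d87e40011ee3fd3b22b72f9]
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+glib/gvariant.c | 2 +-
+glib/tests/gvariant.c | 12 ++++++------
+2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/glib/gvariant.c b/glib/gvariant.c
+index f910bd4..8ba701e 100644
+--- a/glib/gvariant.c
++++ b/glib/gvariant.c
+@@ -5936,7 +5936,7 @@ g_variant_byteswap (GVariant *value)
+if (alignment)
+/* (potentially) contains multi-byte numeric data */
+{
+- GVariantSerialised serialised;
++ GVariantSerialised serialised = { 0, };
+GVariant *trusted;
+GBytes *bytes;
+
+diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
+index 640f3c0..d640c81 100644
+--- a/glib/tests/gvariant.c
++++ b/glib/tests/gvariant.c
+@@ -1446,7 +1446,7 @@ test_maybe (void)
+
+for (flavour = 0; flavour < 8; flavour += alignment)
+{
+- GVariantSerialised serialised;
++ GVariantSerialised serialised = { 0, };
+GVariantSerialised child;
+
+serialised.type_info = type_info;
+@@ -1572,7 +1572,7 @@ test_array (void)
+
+for (flavour = 0; flavour < 8; flavour += alignment)
+{
+- GVariantSerialised serialised;
++ GVariantSerialised serialised = { 0, };
+
+serialised.type_info = array_info;
+serialised.data = flavoured_malloc (needed_size, flavour);
+@@ -1738,7 +1738,7 @@ test_tuple (void)
+
+for (flavour = 0; flavour < 8; flavour += alignment)
+{
+- GVariantSerialised serialised;
++ GVariantSerialised serialised = { 0, };
+
+serialised.type_info = type_info;
+serialised.data = flavoured_malloc (needed_size, flavour);
+@@ -1835,7 +1835,7 @@ test_variant (void)
+
+for (flavour = 0; flavour < 8; flavour += alignment)
+{
+- GVariantSerialised serialised;
++ GVariantSerialised serialised = { 0, };
+GVariantSerialised child;
+
+serialised.type_info = type_info;
+@@ -2284,7 +2284,7 @@ serialise_tree (TreeInstance *tree,
+static void
+test_byteswap (void)
+{
+- GVariantSerialised one, two;
++ GVariantSerialised one = { 0, }, two = { 0, };
+TreeInstance *tree;
+
+tree = tree_instance_new (NULL, 3);
+@@ -2358,7 +2358,7 @@ test_serialiser_children (void)
+static void
+test_fuzz (gdouble *fuzziness)
+{
+- GVariantSerialised serialised;
++ GVariantSerialised serialised = { 0, };
+TreeInstance *tree;
+
+/* make an instance */
+--
+2.24.4
+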
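Review bot: In the test_maybe and test_variant hunks of the backported patch, the context line `GVariantSerialised child;` directly after the changed declaration is still left uninitialised, although the patch's stated purpose is that the fields added by the following commits are zero-filled by default. This is harmless if `child` is only ever assigned as a whole by a serialiser call outside these hunks, but that cannot be confirmed from the visible context; any read of a new field before such an assignment would see an indeterminate value. Because this is an upstream backport, I would not edit it locally, but the later patches of the CVE-2023-32665 series should be checked for such a read, and if one exists the fix is `GVariantSerialised child = { 0, };`. The same check applies to the one non-test change in g_variant_byteswap, where `serialised` is the object whose new fields the later patches will consume; all enclosing functions start and end outside the hunks.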