diff options
Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch')
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch new file mode 100644 index 0000000000..f183939c45 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch | |||
@@ -0,0 +1,76 @@ | |||
1 | From 2aaf593a9eb96d84fe3be740aca2810a97d95592 Mon Sep 17 00:00:00 2001 | ||
2 | From: Philip Withnall <pwithnall@endlessos.org> | ||
3 | Date: Thu, 4 Feb 2021 13:50:37 +0000 | ||
4 | Subject: [PATCH 07/11] gwin32: Use gsize internally in g_wcsdup() | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | This allows it to handle strings up to length `G_MAXSIZE` — previously | ||
10 | it would overflow with such strings. | ||
11 | |||
12 | Update the several copies of it identically. | ||
13 | |||
14 | Signed-off-by: Philip Withnall <pwithnall@endlessos.org> | ||
15 | Helps: #2319 | ||
16 | |||
17 | Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] | ||
18 | CVE: CVE-2021-27219 | ||
19 | Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> | ||
20 | Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> | ||
21 | |||
22 | --- | ||
23 | gio/gwin32registrykey.c | 34 ++++++++++++++++++++++++++-------- | ||
24 | 2 files changed, 38 insertions(+), 16 deletions(-) | ||
25 | |||
26 | diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c | ||
27 | index 548a94188..2eb67daf8 100644 | ||
28 | --- a/gio/gwin32registrykey.c | ||
29 | +++ b/gio/gwin32registrykey.c | ||
30 | @@ -127,16 +127,34 @@ typedef enum | ||
31 | G_WIN32_REGISTRY_UPDATED_PATH = 1, | ||
32 | } GWin32RegistryKeyUpdateFlag; | ||
33 | |||
34 | +static gsize | ||
35 | +g_utf16_len (const gunichar2 *str) | ||
36 | +{ | ||
37 | + gsize result; | ||
38 | + | ||
39 | + for (result = 0; str[0] != 0; str++, result++) | ||
40 | + ; | ||
41 | + | ||
42 | + return result; | ||
43 | +} | ||
44 | + | ||
45 | static gunichar2 * | ||
46 | -g_wcsdup (const gunichar2 *str, | ||
47 | - gssize str_size) | ||
48 | +g_wcsdup (const gunichar2 *str, gssize str_len) | ||
49 | { | ||
50 | - if (str_size == -1) | ||
51 | - { | ||
52 | - str_size = wcslen (str) + 1; | ||
53 | - str_size *= sizeof (gunichar2); | ||
54 | - } | ||
55 | - return g_memdup (str, str_size); | ||
56 | + gsize str_len_unsigned; | ||
57 | + gsize str_size; | ||
58 | + | ||
59 | + g_return_val_if_fail (str != NULL, NULL); | ||
60 | + | ||
61 | + if (str_len < 0) | ||
62 | + str_len_unsigned = g_utf16_len (str); | ||
63 | + else | ||
64 | + str_len_unsigned = (gsize) str_len; | ||
65 | + | ||
66 | + g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1); | ||
67 | + str_size = (str_len_unsigned + 1) * sizeof (gunichar2); | ||
68 | + | ||
69 | + return g_memdup2 (str, str_size); | ||
70 | } | ||
71 | |||
72 | /** | ||
73 | -- | ||
74 | GitLab | ||
75 | |||
76 | |||