Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch')
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch | 100 |
1 files changed, 100 insertions, 0 deletions
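--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch
@@ -0,0 +1,100 @@
+From 65ec7f4d6e8832c481f6e00e2eb007b9a60024ce Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Thu, 4 Feb 2021 14:00:53 +0000
+Subject: [PATCH 09/11] =?UTF-8?q?gsocket:=20Use=20gsize=20to=20track=20nat?=
+=?UTF-8?q?ive=20sockaddr=E2=80=99s=20size?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Don’t use an `int`, that’s potentially too small. In practical terms,
+this is not a problem, since no socket address is going to be that big.
+
+By making these changes we can use `g_memdup2()` without warnings,
+though. Fewer warnings is good.
+
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+Helps: #2319
+
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+---
+gio/gsocket.c | 16 ++++++++++------
+1 file changed, 10 insertions(+), 6 deletions(-)
+
+--- a/gio/gsocket.c
++++ b/gio/gsocket.c
+@@ -75,6 +75,7 @@
+#include "gcredentialsprivate.h"
+#include "glibintl.h"
+#include "gioprivate.h"
++#include "gstrfuncsprivate.h"
+
+#ifdef G_OS_WIN32
+/* For Windows XP runtime compatibility, but use the system's if_nametoindex() if available */
+@@ -174,7 +175,7 @@ static gboolean g_socket_datagram_ba
+GError **error);
+
+static GSocketAddress *
+-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len);
++cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len);
+
+static gssize
+g_socket_receive_message_with_timeout (GSocket *socket,
+@@ -260,7 +261,7 @@ struct _GSocketPrivate
+struct {
+GSocketAddress *addr;
+struct sockaddr *native;
+- gint native_len;
++ gsize native_len;
+guint64 last_used;
+} recv_addr_cache[RECV_ADDR_CACHE_SIZE];
+};
+@@ -5259,14 +5260,14 @@ g_socket_send_messages_with_timeout (GSo
+}
+
+static GSocketAddress *
+-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
++cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len)
+{
+GSocketAddress *saddr;
+gint i;
+guint64 oldest_time = G_MAXUINT64;
+gint oldest_index = 0;
+
+- if (native_len <= 0)
++ if (native_len == 0)
+return NULL;
+
+saddr = NULL;
+@@ -5274,7 +5275,7 @@ cache_recv_address (GSocket *socket, str
+{
+GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
+gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
+- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
++ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
+
+if (!tmp)
+continue;
+@@ -5304,7 +5305,7 @@ cache_recv_address (GSocket *socket, str
+g_free (socket->priv->recv_addr_cache[oldest_index].native);
+}
+
+- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len);
++ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len);
+socket->priv->recv_addr_cache[oldest_index].native_len = native_len;
+socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr);
+socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time ();
+@@ -5452,6 +5453,9 @@ g_socket_receive_message_with_timeout (G
+/* do it */
+while (1)
+{
++ /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */
++ G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
++
+addrlen = sizeof addr;
+if (address)
+result = WSARecvFrom (socket->priv->fd,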
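Review bot: In the patched `cache_recv_address()`, the guard changes from `native_len <= 0` to `native_len == 0` while the parameter becomes `size_t`, so a negative length from a caller that still holds an `int` would convert to a very large value and reach `g_memdup2 (native, native_len)` instead of returning NULL. The added comment in `g_socket_receive_message_with_timeout()` confirms that `addrlen` stays `int` on the `WSARecvFrom()` path. The call sites are outside the visible hunks, so this needs confirming against them; if any can pass an unchecked length, an upper bound such as `if (native_len == 0 || native_len > sizeof (struct sockaddr_storage)) return NULL;` restores the old rejection. The patch also includes `gstrfuncsprivate.h` and calls `g_memdup2()` without adding either, so it presumably depends on an earlier patch of the 11-part series, and the recipe's patch order is worth checking. Separately, `Upstream-Status` cites a distro tarball on a mirror rather than the upstream commit named in the `From` line, which makes the backport's provenance harder to verify.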