diff options
Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch')
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch new file mode 100644 index 0000000000..356e986fe0 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch | |||
@@ -0,0 +1,100 @@ | |||
1 | From 3d1550354c3c6a8491c39881752d51cb7515f2c2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Simon McVittie <smcv@collabora.com> | ||
3 | Date: Mon, 8 Feb 2021 10:22:39 +0000 | ||
4 | Subject: [PATCH 5/5] tls-interaction: Add test coverage for various ways to | ||
5 | set the password | ||
6 | |||
7 | Signed-off-by: Simon McVittie <smcv@collabora.com> | ||
8 | (cherry picked from commit df4501316ca3903072400504a5ea76498db19538) | ||
9 | |||
10 | Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] | ||
11 | CVE: CVE-2021-27219 | ||
12 | Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> | ||
13 | |||
14 | --- | ||
15 | gio/tests/tls-interaction.c | 55 +++++++++++++++++++++++++++++++++++++ | ||
16 | 1 file changed, 55 insertions(+) | ||
17 | |||
18 | diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c | ||
19 | index 4f0737d7e..5661e8e0d 100644 | ||
20 | --- a/gio/tests/tls-interaction.c | ||
21 | +++ b/gio/tests/tls-interaction.c | ||
22 | @@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction *interaction, | ||
23 | } | ||
24 | |||
25 | |||
26 | +/* Return a copy of @str that is allocated in a silly way, to exercise | ||
27 | + * custom free-functions. The returned pointer points to a copy of @str | ||
28 | + * in a buffer of the form "BEFORE \0 str \0 AFTER". */ | ||
29 | +static guchar * | ||
30 | +special_dup (const char *str) | ||
31 | +{ | ||
32 | + GString *buf = g_string_new ("BEFORE"); | ||
33 | + guchar *ret; | ||
34 | + | ||
35 | + g_string_append_c (buf, '\0'); | ||
36 | + g_string_append (buf, str); | ||
37 | + g_string_append_c (buf, '\0'); | ||
38 | + g_string_append (buf, "AFTER"); | ||
39 | + ret = (guchar *) g_string_free (buf, FALSE); | ||
40 | + return ret + strlen ("BEFORE") + 1; | ||
41 | +} | ||
42 | + | ||
43 | + | ||
44 | +/* Free a copy of @str that was made with special_dup(), after asserting | ||
45 | + * that it has not been corrupted. */ | ||
46 | +static void | ||
47 | +special_free (gpointer p) | ||
48 | +{ | ||
49 | + gchar *s = p; | ||
50 | + gchar *buf = s - strlen ("BEFORE") - 1; | ||
51 | + | ||
52 | + g_assert_cmpstr (buf, ==, "BEFORE"); | ||
53 | + g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER"); | ||
54 | + g_free (buf); | ||
55 | +} | ||
56 | + | ||
57 | + | ||
58 | static GTlsInteractionResult | ||
59 | test_interaction_ask_password_sync_success (GTlsInteraction *interaction, | ||
60 | GTlsPassword *password, | ||
61 | @@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction, | ||
62 | GError **error) | ||
63 | { | ||
64 | TestInteraction *self; | ||
65 | + const guchar *value; | ||
66 | + gsize len; | ||
67 | |||
68 | g_assert (TEST_IS_INTERACTION (interaction)); | ||
69 | self = TEST_INTERACTION (interaction); | ||
70 | @@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction, | ||
71 | g_assert (error != NULL); | ||
72 | g_assert (*error == NULL); | ||
73 | |||
74 | + /* Exercise different ways to set the value */ | ||
75 | + g_tls_password_set_value (password, (const guchar *) "foo", 4); | ||
76 | + len = 0; | ||
77 | + value = g_tls_password_get_value (password, &len); | ||
78 | + g_assert_cmpmem (value, len, "foo", 4); | ||
79 | + | ||
80 | + g_tls_password_set_value (password, (const guchar *) "bar", -1); | ||
81 | + len = 0; | ||
82 | + value = g_tls_password_get_value (password, &len); | ||
83 | + g_assert_cmpmem (value, len, "bar", 3); | ||
84 | + | ||
85 | + g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free); | ||
86 | + len = 0; | ||
87 | + value = g_tls_password_get_value (password, &len); | ||
88 | + g_assert_cmpmem (value, len, "baa", 4); | ||
89 | + | ||
90 | + g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free); | ||
91 | + len = 0; | ||
92 | + value = g_tls_password_get_value (password, &len); | ||
93 | + g_assert_cmpmem (value, len, "baz", 3); | ||
94 | + | ||
95 | /* Don't do this in real life. Include a null terminator for testing */ | ||
96 | g_tls_password_set_value (password, (const guchar *)"the password", 13); | ||
97 | return G_TLS_INTERACTION_HANDLED; | ||
98 | -- | ||
99 | GitLab | ||
100 | |||