diff options
Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch')
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch new file mode 100644 index 0000000000..04503641c3 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001 | ||
2 | From: Philip Withnall <pwithnall@endlessos.org> | ||
3 | Date: Wed, 10 Feb 2021 21:19:30 +0000 | ||
4 | Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group | ||
5 | names | ||
6 | |||
7 | These should never have been allowed; they will result in precondition | ||
8 | failures from the `GKeyFile` later on in the code. | ||
9 | |||
10 | A test will be added for this shortly. | ||
11 | |||
12 | Signed-off-by: Philip Withnall <pwithnall@endlessos.org> | ||
13 | |||
14 | Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] | ||
15 | CVE: CVE-2021-27219 | ||
16 | Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> | ||
17 | |||
18 | --- | ||
19 | gio/gkeyfilesettingsbackend.c | 7 +++++++ | ||
20 | 1 file changed, 7 insertions(+) | ||
21 | |||
22 | diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c | ||
23 | index 861c3a661..de216e615 100644 | ||
24 | --- a/gio/gkeyfilesettingsbackend.c | ||
25 | +++ b/gio/gkeyfilesettingsbackend.c | ||
26 | @@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb, | ||
27 | |||
28 | last_slash = strrchr (key, '/'); | ||
29 | |||
30 | + /* Disallow empty group names or key names */ | ||
31 | + if (key_len == 0 || | ||
32 | + (last_slash != NULL && | ||
33 | + (*(last_slash + 1) == '\0' || | ||
34 | + last_slash == key))) | ||
35 | + return FALSE; | ||
36 | + | ||
37 | if (kfsb->root_group) | ||
38 | { | ||
39 | /* if a root_group was specified, make sure the user hasn't given | ||
40 | -- | ||
41 | GitLab | ||
42 | |||
43 | |||