summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch')
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch232
1 files changed, 232 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch
new file mode 100644
index 0000000000..65f59287a8
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch
@@ -0,0 +1,232 @@
1Backport of:
2
3From 221c26685354dea2b2732df94404e8e5e77a1591 Mon Sep 17 00:00:00 2001
4From: Philip Withnall <pwithnall@endlessos.org>
5Date: Wed, 10 Feb 2021 21:21:36 +0000
6Subject: [PATCH 3/3] tests: Add tests for key name handling in the keyfile
7 backend
8
9This tests the two recent commits.
10
11Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
12
13Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
14CVE: CVE-2021-27219
15Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
16
17---
18 gio/tests/gsettings.c | 170 +++++++++++++++++++++++++++++++++++++++++-
19 1 file changed, 169 insertions(+), 1 deletion(-)
20
21--- a/gio/tests/gsettings.c
22+++ b/gio/tests/gsettings.c
23@@ -1,3 +1,4 @@
24+#include <errno.h>
25 #include <stdlib.h>
26 #include <locale.h>
27 #include <libintl.h>
28@@ -1740,6 +1741,14 @@ key_changed_cb (GSettings *settings, con
29 (*b) = TRUE;
30 }
31
32+typedef struct
33+{
34+ const gchar *path;
35+ const gchar *root_group;
36+ const gchar *keyfile_group;
37+ const gchar *root_path;
38+} KeyfileTestData;
39+
40 /*
41 * Test that using a keyfile works
42 */
43@@ -1834,7 +1843,11 @@ test_keyfile (Fixture *fixture,
44 g_free (str);
45
46 g_settings_set (settings, "farewell", "s", "cheerio");
47-
48+
49+ /* Check that empty keys/groups are not allowed. */
50+ g_assert_false (g_settings_is_writable (settings, ""));
51+ g_assert_false (g_settings_is_writable (settings, "/"));
52+
53 /* When executing as root, changing the mode of the keyfile will have
54 * no effect on the writability of the settings.
55 */
56@@ -1866,6 +1879,149 @@ test_keyfile (Fixture *fixture,
57 g_free (keyfile_path);
58 }
59
60+/*
61+ * Test that using a keyfile works with a schema with no path set.
62+ */
63+static void
64+test_keyfile_no_path (Fixture *fixture,
65+ gconstpointer user_data)
66+{
67+ const KeyfileTestData *test_data = user_data;
68+ GSettingsBackend *kf_backend;
69+ GSettings *settings;
70+ GKeyFile *keyfile;
71+ gboolean writable;
72+ gchar *key = NULL;
73+ GError *error = NULL;
74+ gchar *keyfile_path = NULL, *store_path = NULL;
75+
76+ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
77+ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
78+ kf_backend = g_keyfile_settings_backend_new (store_path, test_data->root_path, test_data->root_group);
79+ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, test_data->path);
80+ g_object_unref (kf_backend);
81+
82+ g_settings_reset (settings, "test-boolean");
83+ g_assert_true (g_settings_get_boolean (settings, "test-boolean"));
84+
85+ writable = g_settings_is_writable (settings, "test-boolean");
86+ g_assert_true (writable);
87+ g_settings_set (settings, "test-boolean", "b", FALSE);
88+
89+ g_assert_false (g_settings_get_boolean (settings, "test-boolean"));
90+
91+ g_settings_delay (settings);
92+ g_settings_set (settings, "test-boolean", "b", TRUE);
93+ g_settings_apply (settings);
94+
95+ keyfile = g_key_file_new ();
96+ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL));
97+
98+ g_assert_true (g_key_file_get_boolean (keyfile, test_data->keyfile_group, "test-boolean", NULL));
99+
100+ g_key_file_free (keyfile);
101+
102+ g_settings_reset (settings, "test-boolean");
103+ g_settings_apply (settings);
104+ keyfile = g_key_file_new ();
105+ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL));
106+
107+ g_assert_false (g_key_file_get_string (keyfile, test_data->keyfile_group, "test-boolean", &error));
108+ g_assert_error (error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND);
109+ g_clear_error (&error);
110+
111+ /* Check that empty keys/groups are not allowed. */
112+ g_assert_false (g_settings_is_writable (settings, ""));
113+ g_assert_false (g_settings_is_writable (settings, "/"));
114+
115+ /* Keys which ghost the root group name are not allowed. This can only be
116+ * tested when the path is `/` as otherwise it acts as a prefix and prevents
117+ * any ghosting. */
118+ if (g_str_equal (test_data->path, "/"))
119+ {
120+ key = g_strdup_printf ("%s/%s", test_data->root_group, "");
121+ g_assert_false (g_settings_is_writable (settings, key));
122+ g_free (key);
123+
124+ key = g_strdup_printf ("%s/%s", test_data->root_group, "/");
125+ g_assert_false (g_settings_is_writable (settings, key));
126+ g_free (key);
127+
128+ key = g_strdup_printf ("%s/%s", test_data->root_group, "test-boolean");
129+ g_assert_false (g_settings_is_writable (settings, key));
130+ g_free (key);
131+ }
132+
133+ g_key_file_free (keyfile);
134+ g_object_unref (settings);
135+
136+ /* Clean up the temporary directory. */
137+ g_assert_cmpint (g_chmod (keyfile_path, 0777) == 0 ? 0 : errno, ==, 0);
138+ g_assert_cmpint (g_remove (store_path) == 0 ? 0 : errno, ==, 0);
139+ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
140+ g_free (store_path);
141+ g_free (keyfile_path);
142+}
143+
144+/*
145+ * Test that a keyfile rejects writes to keys outside its root path.
146+ */
147+static void
148+test_keyfile_outside_root_path (Fixture *fixture,
149+ gconstpointer user_data)
150+{
151+ GSettingsBackend *kf_backend;
152+ GSettings *settings;
153+ gchar *keyfile_path = NULL, *store_path = NULL;
154+
155+ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
156+ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
157+ kf_backend = g_keyfile_settings_backend_new (store_path, "/tests/basic-types/", "root");
158+ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/tests/");
159+ g_object_unref (kf_backend);
160+
161+ g_assert_false (g_settings_is_writable (settings, "test-boolean"));
162+
163+ g_object_unref (settings);
164+
165+ /* Clean up the temporary directory. The keyfile probably doesn’t exist, so
166+ * don’t error on failure. */
167+ g_remove (store_path);
168+ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
169+ g_free (store_path);
170+ g_free (keyfile_path);
171+}
172+
173+/*
174+ * Test that a keyfile rejects writes to keys in the root if no root group is set.
175+ */
176+static void
177+test_keyfile_no_root_group (Fixture *fixture,
178+ gconstpointer user_data)
179+{
180+ GSettingsBackend *kf_backend;
181+ GSettings *settings;
182+ gchar *keyfile_path = NULL, *store_path = NULL;
183+
184+ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
185+ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
186+ kf_backend = g_keyfile_settings_backend_new (store_path, "/", NULL);
187+ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/");
188+ g_object_unref (kf_backend);
189+
190+ g_assert_false (g_settings_is_writable (settings, "test-boolean"));
191+ g_assert_true (g_settings_is_writable (settings, "child/test-boolean"));
192+
193+ g_object_unref (settings);
194+
195+ /* Clean up the temporary directory. The keyfile probably doesn’t exist, so
196+ * don’t error on failure. */
197+ g_remove (store_path);
198+ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
199+ g_free (store_path);
200+ g_free (keyfile_path);
201+}
202+
203 /* Test that getting child schemas works
204 */
205 static void
206@@ -2844,6 +3000,14 @@ main (int argc, char *argv[])
207 gchar *override_text;
208 gchar *enums;
209 gint result;
210+ const KeyfileTestData keyfile_test_data_explicit_path = { "/tests/", "root", "tests", "/" };
211+ const KeyfileTestData keyfile_test_data_empty_path = { "/", "root", "root", "/" };
212+ const KeyfileTestData keyfile_test_data_long_path = {
213+ "/tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch/",
214+ "root",
215+ "tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch",
216+ "/"
217+ };
218
219 /* Meson build sets this */
220 #ifdef TEST_LOCALE_PATH
221@@ -2967,6 +3131,11 @@ main (int argc, char *argv[])
222 }
223
224 g_test_add ("/gsettings/keyfile", Fixture, NULL, setup, test_keyfile, teardown);
225+ g_test_add ("/gsettings/keyfile/explicit-path", Fixture, &keyfile_test_data_explicit_path, setup, test_keyfile_no_path, teardown);
226+ g_test_add ("/gsettings/keyfile/empty-path", Fixture, &keyfile_test_data_empty_path, setup, test_keyfile_no_path, teardown);
227+ g_test_add ("/gsettings/keyfile/long-path", Fixture, &keyfile_test_data_long_path, setup, test_keyfile_no_path, teardown);
228+ g_test_add ("/gsettings/keyfile/outside-root-path", Fixture, NULL, setup, test_keyfile_outside_root_path, teardown);
229+ g_test_add ("/gsettings/keyfile/no-root-group", Fixture, NULL, setup, test_keyfile_no_root_group, teardown);
230 g_test_add_func ("/gsettings/child-schema", test_child_schema);
231 g_test_add_func ("/gsettings/strinfo", test_strinfo);
232 g_test_add_func ("/gsettings/enums", test_enums);