diff options
Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch')
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch | 232 |
1 files changed, 232 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch new file mode 100644 index 0000000000..65f59287a8 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch | |||
@@ -0,0 +1,232 @@ | |||
1 | Backport of: | ||
2 | |||
3 | From 221c26685354dea2b2732df94404e8e5e77a1591 Mon Sep 17 00:00:00 2001 | ||
4 | From: Philip Withnall <pwithnall@endlessos.org> | ||
5 | Date: Wed, 10 Feb 2021 21:21:36 +0000 | ||
6 | Subject: [PATCH 3/3] tests: Add tests for key name handling in the keyfile | ||
7 | backend | ||
8 | |||
9 | This tests the two recent commits. | ||
10 | |||
11 | Signed-off-by: Philip Withnall <pwithnall@endlessos.org> | ||
12 | |||
13 | Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] | ||
14 | CVE: CVE-2021-27219 | ||
15 | Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> | ||
16 | |||
17 | --- | ||
18 | gio/tests/gsettings.c | 170 +++++++++++++++++++++++++++++++++++++++++- | ||
19 | 1 file changed, 169 insertions(+), 1 deletion(-) | ||
20 | |||
21 | --- a/gio/tests/gsettings.c | ||
22 | +++ b/gio/tests/gsettings.c | ||
23 | @@ -1,3 +1,4 @@ | ||
24 | +#include <errno.h> | ||
25 | #include <stdlib.h> | ||
26 | #include <locale.h> | ||
27 | #include <libintl.h> | ||
28 | @@ -1740,6 +1741,14 @@ key_changed_cb (GSettings *settings, con | ||
29 | (*b) = TRUE; | ||
30 | } | ||
31 | |||
32 | +typedef struct | ||
33 | +{ | ||
34 | + const gchar *path; | ||
35 | + const gchar *root_group; | ||
36 | + const gchar *keyfile_group; | ||
37 | + const gchar *root_path; | ||
38 | +} KeyfileTestData; | ||
39 | + | ||
40 | /* | ||
41 | * Test that using a keyfile works | ||
42 | */ | ||
43 | @@ -1834,7 +1843,11 @@ test_keyfile (Fixture *fixture, | ||
44 | g_free (str); | ||
45 | |||
46 | g_settings_set (settings, "farewell", "s", "cheerio"); | ||
47 | - | ||
48 | + | ||
49 | + /* Check that empty keys/groups are not allowed. */ | ||
50 | + g_assert_false (g_settings_is_writable (settings, "")); | ||
51 | + g_assert_false (g_settings_is_writable (settings, "/")); | ||
52 | + | ||
53 | /* When executing as root, changing the mode of the keyfile will have | ||
54 | * no effect on the writability of the settings. | ||
55 | */ | ||
56 | @@ -1866,6 +1879,149 @@ test_keyfile (Fixture *fixture, | ||
57 | g_free (keyfile_path); | ||
58 | } | ||
59 | |||
60 | +/* | ||
61 | + * Test that using a keyfile works with a schema with no path set. | ||
62 | + */ | ||
63 | +static void | ||
64 | +test_keyfile_no_path (Fixture *fixture, | ||
65 | + gconstpointer user_data) | ||
66 | +{ | ||
67 | + const KeyfileTestData *test_data = user_data; | ||
68 | + GSettingsBackend *kf_backend; | ||
69 | + GSettings *settings; | ||
70 | + GKeyFile *keyfile; | ||
71 | + gboolean writable; | ||
72 | + gchar *key = NULL; | ||
73 | + GError *error = NULL; | ||
74 | + gchar *keyfile_path = NULL, *store_path = NULL; | ||
75 | + | ||
76 | + keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); | ||
77 | + store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); | ||
78 | + kf_backend = g_keyfile_settings_backend_new (store_path, test_data->root_path, test_data->root_group); | ||
79 | + settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, test_data->path); | ||
80 | + g_object_unref (kf_backend); | ||
81 | + | ||
82 | + g_settings_reset (settings, "test-boolean"); | ||
83 | + g_assert_true (g_settings_get_boolean (settings, "test-boolean")); | ||
84 | + | ||
85 | + writable = g_settings_is_writable (settings, "test-boolean"); | ||
86 | + g_assert_true (writable); | ||
87 | + g_settings_set (settings, "test-boolean", "b", FALSE); | ||
88 | + | ||
89 | + g_assert_false (g_settings_get_boolean (settings, "test-boolean")); | ||
90 | + | ||
91 | + g_settings_delay (settings); | ||
92 | + g_settings_set (settings, "test-boolean", "b", TRUE); | ||
93 | + g_settings_apply (settings); | ||
94 | + | ||
95 | + keyfile = g_key_file_new (); | ||
96 | + g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL)); | ||
97 | + | ||
98 | + g_assert_true (g_key_file_get_boolean (keyfile, test_data->keyfile_group, "test-boolean", NULL)); | ||
99 | + | ||
100 | + g_key_file_free (keyfile); | ||
101 | + | ||
102 | + g_settings_reset (settings, "test-boolean"); | ||
103 | + g_settings_apply (settings); | ||
104 | + keyfile = g_key_file_new (); | ||
105 | + g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL)); | ||
106 | + | ||
107 | + g_assert_false (g_key_file_get_string (keyfile, test_data->keyfile_group, "test-boolean", &error)); | ||
108 | + g_assert_error (error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND); | ||
109 | + g_clear_error (&error); | ||
110 | + | ||
111 | + /* Check that empty keys/groups are not allowed. */ | ||
112 | + g_assert_false (g_settings_is_writable (settings, "")); | ||
113 | + g_assert_false (g_settings_is_writable (settings, "/")); | ||
114 | + | ||
115 | + /* Keys which ghost the root group name are not allowed. This can only be | ||
116 | + * tested when the path is `/` as otherwise it acts as a prefix and prevents | ||
117 | + * any ghosting. */ | ||
118 | + if (g_str_equal (test_data->path, "/")) | ||
119 | + { | ||
120 | + key = g_strdup_printf ("%s/%s", test_data->root_group, ""); | ||
121 | + g_assert_false (g_settings_is_writable (settings, key)); | ||
122 | + g_free (key); | ||
123 | + | ||
124 | + key = g_strdup_printf ("%s/%s", test_data->root_group, "/"); | ||
125 | + g_assert_false (g_settings_is_writable (settings, key)); | ||
126 | + g_free (key); | ||
127 | + | ||
128 | + key = g_strdup_printf ("%s/%s", test_data->root_group, "test-boolean"); | ||
129 | + g_assert_false (g_settings_is_writable (settings, key)); | ||
130 | + g_free (key); | ||
131 | + } | ||
132 | + | ||
133 | + g_key_file_free (keyfile); | ||
134 | + g_object_unref (settings); | ||
135 | + | ||
136 | + /* Clean up the temporary directory. */ | ||
137 | + g_assert_cmpint (g_chmod (keyfile_path, 0777) == 0 ? 0 : errno, ==, 0); | ||
138 | + g_assert_cmpint (g_remove (store_path) == 0 ? 0 : errno, ==, 0); | ||
139 | + g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); | ||
140 | + g_free (store_path); | ||
141 | + g_free (keyfile_path); | ||
142 | +} | ||
143 | + | ||
144 | +/* | ||
145 | + * Test that a keyfile rejects writes to keys outside its root path. | ||
146 | + */ | ||
147 | +static void | ||
148 | +test_keyfile_outside_root_path (Fixture *fixture, | ||
149 | + gconstpointer user_data) | ||
150 | +{ | ||
151 | + GSettingsBackend *kf_backend; | ||
152 | + GSettings *settings; | ||
153 | + gchar *keyfile_path = NULL, *store_path = NULL; | ||
154 | + | ||
155 | + keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); | ||
156 | + store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); | ||
157 | + kf_backend = g_keyfile_settings_backend_new (store_path, "/tests/basic-types/", "root"); | ||
158 | + settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/tests/"); | ||
159 | + g_object_unref (kf_backend); | ||
160 | + | ||
161 | + g_assert_false (g_settings_is_writable (settings, "test-boolean")); | ||
162 | + | ||
163 | + g_object_unref (settings); | ||
164 | + | ||
165 | + /* Clean up the temporary directory. The keyfile probably doesn’t exist, so | ||
166 | + * don’t error on failure. */ | ||
167 | + g_remove (store_path); | ||
168 | + g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); | ||
169 | + g_free (store_path); | ||
170 | + g_free (keyfile_path); | ||
171 | +} | ||
172 | + | ||
173 | +/* | ||
174 | + * Test that a keyfile rejects writes to keys in the root if no root group is set. | ||
175 | + */ | ||
176 | +static void | ||
177 | +test_keyfile_no_root_group (Fixture *fixture, | ||
178 | + gconstpointer user_data) | ||
179 | +{ | ||
180 | + GSettingsBackend *kf_backend; | ||
181 | + GSettings *settings; | ||
182 | + gchar *keyfile_path = NULL, *store_path = NULL; | ||
183 | + | ||
184 | + keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); | ||
185 | + store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); | ||
186 | + kf_backend = g_keyfile_settings_backend_new (store_path, "/", NULL); | ||
187 | + settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/"); | ||
188 | + g_object_unref (kf_backend); | ||
189 | + | ||
190 | + g_assert_false (g_settings_is_writable (settings, "test-boolean")); | ||
191 | + g_assert_true (g_settings_is_writable (settings, "child/test-boolean")); | ||
192 | + | ||
193 | + g_object_unref (settings); | ||
194 | + | ||
195 | + /* Clean up the temporary directory. The keyfile probably doesn’t exist, so | ||
196 | + * don’t error on failure. */ | ||
197 | + g_remove (store_path); | ||
198 | + g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); | ||
199 | + g_free (store_path); | ||
200 | + g_free (keyfile_path); | ||
201 | +} | ||
202 | + | ||
203 | /* Test that getting child schemas works | ||
204 | */ | ||
205 | static void | ||
206 | @@ -2844,6 +3000,14 @@ main (int argc, char *argv[]) | ||
207 | gchar *override_text; | ||
208 | gchar *enums; | ||
209 | gint result; | ||
210 | + const KeyfileTestData keyfile_test_data_explicit_path = { "/tests/", "root", "tests", "/" }; | ||
211 | + const KeyfileTestData keyfile_test_data_empty_path = { "/", "root", "root", "/" }; | ||
212 | + const KeyfileTestData keyfile_test_data_long_path = { | ||
213 | + "/tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch/", | ||
214 | + "root", | ||
215 | + "tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch", | ||
216 | + "/" | ||
217 | + }; | ||
218 | |||
219 | /* Meson build sets this */ | ||
220 | #ifdef TEST_LOCALE_PATH | ||
221 | @@ -2967,6 +3131,11 @@ main (int argc, char *argv[]) | ||
222 | } | ||
223 | |||
224 | g_test_add ("/gsettings/keyfile", Fixture, NULL, setup, test_keyfile, teardown); | ||
225 | + g_test_add ("/gsettings/keyfile/explicit-path", Fixture, &keyfile_test_data_explicit_path, setup, test_keyfile_no_path, teardown); | ||
226 | + g_test_add ("/gsettings/keyfile/empty-path", Fixture, &keyfile_test_data_empty_path, setup, test_keyfile_no_path, teardown); | ||
227 | + g_test_add ("/gsettings/keyfile/long-path", Fixture, &keyfile_test_data_long_path, setup, test_keyfile_no_path, teardown); | ||
228 | + g_test_add ("/gsettings/keyfile/outside-root-path", Fixture, NULL, setup, test_keyfile_outside_root_path, teardown); | ||
229 | + g_test_add ("/gsettings/keyfile/no-root-group", Fixture, NULL, setup, test_keyfile_no_root_group, teardown); | ||
230 | g_test_add_func ("/gsettings/child-schema", test_child_schema); | ||
231 | g_test_add_func ("/gsettings/strinfo", test_strinfo); | ||
232 | g_test_add_func ("/gsettings/enums", test_enums); | ||