blob: 3047062f54171fcb1f3a5fc030b1f894205f57ad (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
From f8273b9aded135fe07094faebd527e43851aaf6e Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Sun, 7 Feb 2021 23:32:40 +0100
Subject: [PATCH 1/5] giochannel: Fix length_size bounds check
The inverted condition is an obvious error introduced by ecdf91400e9a.
Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2323
(cherry picked from commit a149bf2f9030168051942124536e303af8ba6176)
Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
CVE: CVE-2021-27219
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
---
glib/giochannel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/glib/giochannel.c b/glib/giochannel.c
index 4dec20f77..c3f3102ff 100644
--- a/glib/giochannel.c
+++ b/glib/giochannel.c
@@ -896,7 +896,7 @@ g_io_channel_set_line_term (GIOChannel *channel,
{
/* FIXME: We’re constrained by line_term_len being a guint here */
gsize length_size = strlen (line_term);
- g_return_if_fail (length_size > G_MAXUINT);
+ g_return_if_fail (length_size <= G_MAXUINT);
length_unsigned = (guint) length_size;
}
--
GitLab
|
