ALP-pool/glib2
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 glib2 revision 1bf207558529c4f3acb08f9eaf400481

Browse Source
This commit is contained in:
Adrian Schröter 2024-12-10 12:35:26 +01:00
parent 90313a7f8b
commit eba29db45d
3 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
glib2-CVE-2024-52533.patch Normal file
View File

@ -0,0 +1,45 @@
From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Thu, 19 Sep 2024 18:35:53 +0100
Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
messages
`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
byte in the connect message, which is an addition in SOCKSv4a vs
SOCKSv4.
This means that the buffer for building and transmitting the connect
message could be overflowed if the username and hostname are both
`SOCKS4_MAX_LEN` (255) bytes long.
Proxy configurations are normally statically configured, so the username
is very unlikely to be near its maximum length, and hence this overflow
is unlikely to be triggered in practice.
(Commit message by Philip Withnall, diagnosis and fix by Michael
Catanzaro.)
Fixes: #3461
---
gio/gsocks4aproxy.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
index 3dad118eb..b3146d08f 100644
--- a/gio/gsocks4aproxy.c
+++ b/gio/gsocks4aproxy.c
@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
* | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL |
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
- * 1 1 2 4 variable 1 variable
+ * 1 1 2 4 variable 1 variable 1
*/
-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2)
+#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2)
static gint
set_connect_msg (guint8 *msg,
const gchar *hostname,
--
2.47.0

6
glib2.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Nov 26 15:45:58 UTC 2024 - Michael Gorse <mgorse@suse.com>
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
(boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Aug 19 19:42:14 UTC 2024 - Michael Gorse <mgorse@suse.com> Mon Aug 19 19:42:14 UTC 2024 - Michael Gorse <mgorse@suse.com>

3
glib2.spec
View File

@ -60,6 +60,8 @@ Patch4: glib2-gdbus-codegen-version.patch
Patch5: glib2-CVE-2024-34397.patch Patch5: glib2-CVE-2024-34397.patch
# PATCH-FIX-UPSTREAM glib2-fix-ibus-regression.patch boo#1124044 mgorse@suse.com -- allow name owners to have the syntax of a well-known name. # PATCH-FIX-UPSTREAM glib2-fix-ibus-regression.patch boo#1124044 mgorse@suse.com -- allow name owners to have the syntax of a well-known name.
Patch6: glib2-fix-ibus-regression.patch Patch6: glib2-fix-ibus-regression.patch
# PATCH-FIX-UPSTREAM glib2-CVE-2024-52533.patch boo#1233282 mgorse@suse.com -- fix a single byte buffer overflow.
Patch7: glib2-CVE-2024-52533.patch
BuildRequires: docbook-xsl-stylesheets BuildRequires: docbook-xsl-stylesheets
BuildRequires: fdupes BuildRequires: fdupes
@ -264,6 +266,7 @@ the functionality of the installed glib2 package.
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1
cp -a %{SOURCE1} %{SOURCE2} %{SOURCE5} . cp -a %{SOURCE1} %{SOURCE2} %{SOURCE5} .
cp -a %{SOURCE4} gnome_defaults.conf cp -a %{SOURCE4} gnome_defaults.conf