Sync from SUSE:ALP:Source:Standard:1.0 glib2 revision 1bf207558529c4f3acb08f9eaf400481

This commit is contained in:
Adrian Schröter 2024-12-10 12:35:26 +01:00
parent 90313a7f8b
commit eba29db45d
3 changed files with 54 additions and 0 deletions

View File

@ -0,0 +1,45 @@
From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Thu, 19 Sep 2024 18:35:53 +0100
Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
messages
`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
byte in the connect message, which is an addition in SOCKSv4a vs
SOCKSv4.
This means that the buffer for building and transmitting the connect
message could be overflowed if the username and hostname are both
`SOCKS4_MAX_LEN` (255) bytes long.
Proxy configurations are normally statically configured, so the username
is very unlikely to be near its maximum length, and hence this overflow
is unlikely to be triggered in practice.
(Commit message by Philip Withnall, diagnosis and fix by Michael
Catanzaro.)
Fixes: #3461
---
gio/gsocks4aproxy.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
index 3dad118eb..b3146d08f 100644
--- a/gio/gsocks4aproxy.c
+++ b/gio/gsocks4aproxy.c
@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
* | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL |
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
- * 1 1 2 4 variable 1 variable
+ * 1 1 2 4 variable 1 variable 1
*/
-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2)
+#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2)
static gint
set_connect_msg (guint8 *msg,
const gchar *hostname,
--
2.47.0

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Nov 26 15:45:58 UTC 2024 - Michael Gorse <mgorse@suse.com>
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
(boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
-------------------------------------------------------------------
Mon Aug 19 19:42:14 UTC 2024 - Michael Gorse <mgorse@suse.com>

View File

@ -60,6 +60,8 @@ Patch4: glib2-gdbus-codegen-version.patch
Patch5: glib2-CVE-2024-34397.patch
# PATCH-FIX-UPSTREAM glib2-fix-ibus-regression.patch boo#1124044 mgorse@suse.com -- allow name owners to have the syntax of a well-known name.
Patch6: glib2-fix-ibus-regression.patch
# PATCH-FIX-UPSTREAM glib2-CVE-2024-52533.patch boo#1233282 mgorse@suse.com -- fix a single byte buffer overflow.
Patch7: glib2-CVE-2024-52533.patch
BuildRequires: docbook-xsl-stylesheets
BuildRequires: fdupes
@ -264,6 +266,7 @@ the functionality of the installed glib2 package.
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
cp -a %{SOURCE1} %{SOURCE2} %{SOURCE5} .
cp -a %{SOURCE4} gnome_defaults.conf