Sync from SUSE:ALP:Source:Standard:1.0 glib2 revision 1bf207558529c4f3acb08f9eaf400481

2024-12-10 12:35:26 +01:00 · 2024-12-10 12:35:26 +01:00 · eba29db45d
commit eba29db45d
parent 90313a7f8b
3 changed files with 54 additions and 0 deletions
--- a/glib2-CVE-2024-52533.patch
+++ b/glib2-CVE-2024-52533.patch
@ -0,0 +1,45 @@
+From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
+ messages
+
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+
+Fixes: #3461
+---
+ gio/gsocks4aproxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118eb..b3146d08f 100644
+--- a/gio/gsocks4aproxy.c
+++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- *    1    1      2              4           variable       1    variable
+ *    1    1      2              4           variable       1    variable    1
+  */
+-#define SOCKS4_CONN_MSG_LEN	    (9 + SOCKS4_MAX_LEN * 2)
+#define SOCKS4_CONN_MSG_LEN	    (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8      *msg,
+ 		 const gchar *hostname,
+-- 
+2.47.0
+
--- a/glib2.changes
+++ b/glib2.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Nov 26 15:45:58 UTC 2024 - Michael Gorse <mgorse@suse.com>
+
+- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
+  (boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
+
 -------------------------------------------------------------------
 Mon Aug 19 19:42:14 UTC 2024 - Michael Gorse <mgorse@suse.com>

--- a/glib2.spec
+++ b/glib2.spec
@ -60,6 +60,8 @@ Patch4:         glib2-gdbus-codegen-version.patch
 Patch5:         glib2-CVE-2024-34397.patch
 # PATCH-FIX-UPSTREAM glib2-fix-ibus-regression.patch boo#1124044 mgorse@suse.com -- allow name owners to have the syntax of a well-known name.
 Patch6:         glib2-fix-ibus-regression.patch
+# PATCH-FIX-UPSTREAM glib2-CVE-2024-52533.patch boo#1233282 mgorse@suse.com -- fix a single byte buffer overflow.
+Patch7:         glib2-CVE-2024-52533.patch

 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  fdupes
@ -264,6 +266,7 @@ the functionality of the installed glib2 package.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1

 cp -a %{SOURCE1} %{SOURCE2} %{SOURCE5} .
 cp -a %{SOURCE4} gnome_defaults.conf