Commit Graph

23238 Commits

Author SHA1 Message Date
Philip Withnall
dc1f133c88 Merge branch '225' into 'master'
string: Add find and replace function

Closes #225

See merge request GNOME/glib!1828
2021-02-09 10:50:16 +00:00
Joshua Lee
c576a4cd82 string: Add find and replace function
This adds g_string_replace(), a function that replaces instances of one string
with another in a GString. It allows the caller to specify the maximum number
of replacements to perform, and returns the number of replacements performed
to the caller.

Fixes: #225
2021-02-09 10:50:16 +00:00
Philip Withnall
652026b9d1 Merge branch 'fix_more_warnings' into 'master'
Fix more warnings

See merge request GNOME/glib!1918
2021-02-09 10:45:51 +00:00
Simon McVittie
ba25c8a770 gdbus: Reject attempts to set future connection or server flags
The GDBusConnectionFlags and GDBusServerFlags can affect how we carry
out authentication and authorization, either making it more or less
restrictive, so it's desirable to "fail closed" if a program is compiled
against a new version of GLib but run against an old version.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-08 13:35:16 +00:00
Sebastian Dröge
203e078fdf Merge branch 'giochannel-check' into 'master'
giochannel: Fix length_size bounds check

Closes #2323

See merge request GNOME/glib!1931
2021-02-08 11:06:59 +00:00
Simon McVittie
d8fe3646c5 Merge branch 'wip/tlspassword' into 'master'
gtlspassword: Fix inverted assertion

See merge request GNOME/glib!1932
2021-02-08 11:05:01 +00:00
Simon McVittie
63f37f8c3b io-channel test: Add coverage for g_io_channel_set_line_term(., ., -1)
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-08 10:37:01 +00:00
Simon McVittie
5dc8b0014c giochannel: Don't store negative line_term_len in GIOChannel struct
Adding test coverage indicated that this was another bug in 0cc11f74.

Fixes: 0cc11f74 "giochannel: Forbid very long line terminator strings"
Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2323
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-08 10:37:01 +00:00
Simon McVittie
df4501316c tls-interaction: Add test coverage for various ways to set the password
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-08 10:22:48 +00:00
Simon McVittie
61bb52ec42 gtlspassword: Fix inverted assertion
The intention here was to assert that the length of the password fits
in a gssize. Passwords more than half the size of virtual memory are
probably excessive.

Fixes: a8b204ff "gtlspassword: Forbid very long TLS passwords"
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-08 10:05:15 +00:00
Emmanuel Fleury
05c311a961 Fix several missing initializer in gio/gsettingsschema.c:parse_into_text_tables()
gio/gsettingsschema.c: In function ‘parse_into_text_tables’:
gio/gsettingsschema.c:682:3: error: missing initializer for field ‘passthrough’ of ‘GMarkupParser’ {aka ‘struct _GMarkupParser’}
  682 |   GMarkupParser parser = { start_element, end_element, text };
      |   ^~~~~~~~~~~~~
gio/gsettingsschema.c:683:3: error: missing initializer for field ‘gettext_domain’ of ‘TextTableParseInfo’ [-Werror=missing-field-initializers]
  683 |   TextTableParseInfo info = { summaries, descriptions };
      |   ^~~~~~~~~~~~~~~~~~
2021-02-08 11:00:33 +01:00
Emmanuel Fleury
7c32b1173a Fix signedness warning in gio/gmenu.c:g_menu_remove()
gio/gmenu.c: In function ‘g_menu_remove’:
gio/gmenu.c:483:47: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘guint’ {aka ‘unsigned int’}
  483 |   g_return_if_fail (0 <= position && position < menu->items->len);
      |                                               ^
2021-02-08 11:00:33 +01:00
Emmanuel Fleury
2174bcf000 Fix signedness warning in gio/gmenu.c:g_menu_insert_item()
gio/gmenu.c: In function ‘g_menu_insert_item’:
gio/gmenu.c:165:32: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘guint’ {aka ‘unsigned int’}
  165 |   if (position < 0 || position > menu->items->len)
      |                                ^
2021-02-08 11:00:33 +01:00
Emmanuel Fleury
f598a93332 Fix signedness warning in gio/glocalfileinfo.c:get_access_rights()
gio/glocalfileinfo.c: In function ‘get_access_rights’:
gio/glocalfileinfo.c:932:9: error: comparison of integer expressions of different signedness: ‘uid_t’ {aka ‘unsigned int’} and ‘int’
  932 |     uid == parent_info->owner ||
      |         ^~
2021-02-08 11:00:25 +01:00
Emmanuel Fleury
4260193cff Fix signedness warning in gio/glocalfileinfo.c:read_link()
gio/glocalfileinfo.c: In function ‘read_link’:
gio/glocalfileinfo.c:188:21: error: comparison of integer expressions of different signedness: ‘int’ and ‘guint’ {aka ‘unsigned int’}
  188 |       if (read_size < size)
      |                     ^
2021-02-08 10:31:58 +01:00
Jan Alexander Steffens (heftig)
a149bf2f90
giochannel: Fix length_size bounds check
The inverted condition is an obvious error introduced by ecdf91400e.

Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2323
2021-02-07 23:32:40 +01:00
Emin Tufan Çetin
fa248f7f71 Update Turkish translation 2021-02-07 06:51:09 +00:00
Anders Jonsson
dfe1b325f5 Update Swedish translation 2021-02-05 21:23:57 +00:00
Philip Withnall
5bc9710fa6 2.67.3
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-02-04 18:07:19 +00:00
Philip Withnall
feff097f27 gstrfuncs: Deprecate g_memdup() in favour of g_memdup2()
Unfortunately, `g_memdup()` accepts its size argument as a `guint`,
unlike most other functions which deal with memory sizes — they all use
`gsize`. `gsize` is 64 bits on 64-bit machines, while `guint` is only 32
bits. This can lead to a silent (with default compiler warnings)
truncation of the value provided by the caller. For large values, this
will result in the returned heap allocation being significantly smaller
than the caller expects, which will then lead to buffer overflow
reads/writes.

Any code using `g_memdup()` should immediately port to `g_memdup2()` and
check the pointer arithmetic around their call site to ensure there
aren’t other overflows.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: #2319
2021-02-04 17:34:03 +00:00
Philip Withnall
20cfc75d14 Merge branch '2319-memdup' into 'master'
Add g_memdup2()

Closes #2319

See merge request GNOME/glib!1926
2021-02-04 17:12:36 +00:00
Philip Withnall
0cc11f745e giochannel: Forbid very long line terminator strings
The public API `GIOChannel.line_term_len` is only a `guint`. Ensure that
nul-terminated strings passed to `g_io_channel_set_line_term()` can’t
exceed that length. Use `g_memdup2()` to avoid a warning (`g_memdup()`
is due to be deprecated), but not to avoid a bug, since it’s also
limited to `G_MAXUINT`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
2021-02-04 16:17:21 +00:00
Philip Withnall
a8b204ff9d gtlspassword: Forbid very long TLS passwords
The public API `g_tls_password_set_value_full()` (and the vfunc it
invokes) can only accept a `gssize` length. Ensure that nul-terminated
strings passed to `g_tls_password_set_value()` can’t exceed that length.
Use `g_memdup2()` to avoid an overflow if they’re longer than
`G_MAXUINT` similarly.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
2021-02-04 16:17:21 +00:00
Philip Withnall
a2e38fd28e gsocket: Use gsize to track native sockaddr’s size
Don’t use an `int`, that’s potentially too small. In practical terms,
this is not a problem, since no socket address is going to be that big.

By making these changes we can use `g_memdup2()` without warnings,
though. Fewer warnings is good.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
2021-02-04 16:17:21 +00:00
Philip Withnall
7781a9cbd2 gkeyfilesettingsbackend: Handle long keys when converting paths
Previously, the code in `convert_path()` could not handle keys longer
than `G_MAXINT`, and would overflow if that was exceeded.

Convert the code to use `gsize` and `g_memdup2()` throughout, and
change from identifying the position of the final slash in the string
using a signed offset `i`, to using a pointer to the character (and
`strrchr()`). This allows the slash to be at any position in a
`G_MAXSIZE`-long string, without sacrificing a bit of the offset for
indicating whether a slash was found.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
2021-02-04 16:17:21 +00:00
Philip Withnall
9acebef777 gwin32: Use gsize internally in g_wcsdup()
This allows it to handle strings up to length `G_MAXSIZE` — previously
it would overflow with such strings.

Update the several copies of it identically.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
2021-02-04 16:17:21 +00:00
Philip Withnall
41d5eedad4 gdatainputstream: Handle stop_chars_len internally as gsize
Previously it was handled as a `gssize`, which meant that if the
`stop_chars` string was longer than `G_MAXSSIZE` there would be an
overflow.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
2021-02-04 16:17:21 +00:00
Philip Withnall
81a454237d gwinhttpfile: Avoid arithmetic overflow when calculating a size
The members of `URL_COMPONENTS` (`winhttp_file->url`) are `DWORD`s, i.e.
32-bit unsigned integers. Adding to and multiplying them may cause them
to overflow the unsigned integer bounds, even if the result is passed to
`g_memdup2()` which accepts a `gsize`.

Cast the `URL_COMPONENTS` members to `gsize` first to ensure that the
arithmetic is done in terms of `gsize`s rather than unsigned integers.

Spotted by Sebastian Dröge.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
2021-02-04 16:17:21 +00:00
Philip Withnall
19470722b3 glib: Use g_memdup2() instead of g_memdup() in obvious places
Convert all the call sites which use `g_memdup()`’s length argument
trivially (for example, by passing a `sizeof()` or an existing `gsize`
variable), so that they use `g_memdup2()` instead.

In almost all of these cases the use of `g_memdup()` would not have
caused problems, but it will soon be deprecated, so best port away from
it

In particular, this fixes an overflow within `g_bytes_new()`, identified
as GHSL-2021-045 by GHSL team member Kevin Backhouse.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: GHSL-2021-045
Helps: #2319
2021-02-04 16:04:10 +00:00
Philip Withnall
f10101b909 gobject: Use g_memdup2() instead of g_memdup() in obvious places
Convert all the call sites which use `g_memdup()`’s length argument
trivially (for example, by passing a `sizeof()`), so that they use
`g_memdup2()` instead.

In almost all of these cases the use of `g_memdup()` would not have
caused problems, but it will soon be deprecated, so best port away from
it.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
2021-02-04 14:13:21 +00:00
Philip Withnall
73b293fd30 gio: Use g_memdup2() instead of g_memdup() in obvious places
Convert all the call sites which use `g_memdup()`’s length argument
trivially (for example, by passing a `sizeof()`), so that they use
`g_memdup2()` instead.

In almost all of these cases the use of `g_memdup()` would not have
caused problems, but it will soon be deprecated, so best port away from
it.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
2021-02-04 14:13:21 +00:00
Philip Withnall
f8cf0b8672 gstrfuncs: Add g_memdup2() function
This will replace the existing `g_memdup()` function, which has an
unavoidable security flaw of taking its `byte_size` argument as a
`guint` rather than as a `gsize`. Most callers will expect it to be a
`gsize`, and may pass in large values which could silently be truncated,
resulting in an undersize allocation compared to what the caller
expects.

This could lead to a classic buffer overflow vulnerability for many
callers of `g_memdup()`.

`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.

Spotted by Kevin Backhouse of GHSL.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: GHSL-2021-045
Helps: #2319
2021-02-04 14:13:03 +00:00
Sebastian Dröge
e41a36784c Merge branch 'wip/sadiq/fix-memory-leak' into 'master'
gapplication: Fix a memory leak

See merge request GNOME/glib!1925
2021-02-04 13:40:28 +00:00
Mohammed Sadiq
a1203b3d3b gapplication: Fix a memory leak 2021-02-04 18:38:17 +05:30
Sebastian Dröge
8385664f47 Merge branch 'master' into 'master'
gdatetime: Add math library support

Closes #2314

See merge request GNOME/glib!1916
2021-02-04 08:03:22 +00:00
Jan Kot
0b0fcfad11 Add support for Tilix and Konsole 2021-02-03 20:44:55 +01:00
Sebastian Dröge
f67b12467b Merge branch 'atomic-take2' into 'master'
atomic: Fix type check of g_atomic_pointer_compare_and_exchange()

See merge request GNOME/glib!1919
2021-02-03 15:18:55 +00:00
Xavier Claessens
580b415ebd atomic: Fix type check of g_atomic_pointer_compare_and_exchange() 2021-02-03 09:37:04 -05:00
Xavier Claessens
7459bf9a19 Revert "atomic: Fix type error with clang++"
This reverts commit d95885d91e.
2021-02-03 09:37:04 -05:00
Philip Withnall
018ae0982c Merge branch 'wip/gdbus-even-when-setcap' into 'master'
Resolve GDBus regressions in setcap/setgid programs

Closes #2305

See merge request GNOME/glib!1920
2021-02-03 11:28:20 +00:00
Philip Withnall
ab46205db1 Merge branch 'carlosgc/uri-host-nullable' into 'master'
guri: Mark g_uri_get_host as nullable

See merge request GNOME/glib!1921
2021-02-03 09:59:29 +00:00
Carlos Garcia Campos
5221b6a261 guri: Mark g_uri_get_host as nullable
It's currently annotated as not nullable, but it can be NULL.
2021-02-03 09:47:30 +00:00
Prasanth R
62fc437773 gdatetime: Add math library support
W.r.to c3805d74b uClibc fails in linking
Fixes #2314
2021-02-03 14:09:10 +05:30
Simon McVittie
7aa0580cc5 gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but not setuid
This is against my better judgement, but it's the least bad regression
fix I can think of. If we don't do this, at least gnome-keyring-daemon
(setcap) and msmtp (setgid) are known to regress.

Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2305
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981420
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981555
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-02 20:52:19 +00:00
Simon McVittie
6436d52a0a gdbus: Rename a variable to be less misleading
We're using "setuid" here as shorthand for any elevated privileges
that should make us distrust the caller: setuid, setgid, filesystem
capabilities, more obscure Linux things that set the AT_SECURE flag
(such as certain AppArmor transitions), and their equivalents on
other operating systems. This is fine if we do it consistently, but
I'm about to add a check for whether we are *literally* setuid,
which would be particularly confusing without a rename.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-02 20:38:41 +00:00
Sebastian Dröge
7e958fd1fe Merge branch 'fix_more_warnings' into 'master'
Fix more warnings

See merge request GNOME/glib!1911
2021-02-02 16:11:53 +00:00
Emmanuel Fleury
ccb43b3821 Fix signedness warnings in gio/ghttpproxy.c:g_http_proxy_connect()
gio/ghttpproxy.c: In function ‘g_http_proxy_connect’:
gio/ghttpproxy.c:245:17: error: comparison of integer expressions of different signedness: ‘gsize’ {aka ‘long unsigned int’} and ‘int’
  245 |       if (nread == -1)
      |                 ^~
gio/ghttpproxy.c:253:22: error: comparison of integer expressions of different signedness: ‘gssize’ {aka ‘long int’} and ‘gsize’ {aka ‘long unsigned int’}
  253 |       if (bytes_read == buffer_length)
      |                      ^~
2021-02-02 16:31:07 +01:00
Sebastian Dröge
e38982df4b Merge branch 'atomic-typeof' into 'master'
Define glib_typeof with C++11 decltype()

Closes #2226

See merge request GNOME/glib!1715
2021-02-02 10:51:50 +00:00
Sebastian Dröge
e6f506a92c Merge branch 'fix/unix-stream-pollable-detection' into 'master'
gunix: Fix {Input,Output}Stream pollable detection

Closes #1180

See merge request GNOME/glib!1846
2021-02-02 10:46:52 +00:00
Philip Withnall
94007bbcb7 Merge branch 'key-file-get-comment-nullable' into 'master'
Mark g_key_file_get_comment() key parameter as nullable

See merge request GNOME/glib!1915
2021-02-02 10:36:56 +00:00