This will replace the existing `g_memdup()` function for use within
GLib. It has an unavoidable security flaw of taking its `byte_size`
argument as a `guint` rather than as a `gsize`. Most callers will
expect it to be a `gsize`, and may pass in large values which could
silently be truncated, resulting in an undersize allocation compared
to what the caller expects.
This could lead to a classic buffer overflow vulnerability for many
callers of `g_memdup()`.
`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.
Spotted by Kevin Backhouse of GHSL.
In GLib 2.68, `g_memdup2()` will be a new public API. In this version
for backport to older stable releases, it’s a new `static inline` API
in a private header, so that use of `g_memdup()` within GLib can be
fixed without adding a new API in a stable release series.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: CVE-2021-27219
Helps: GHSL-2021-045
Helps: #2319
(cherry picked from commit 5e5f75a77e)
/* GLIB - Library of useful routines for C programming
 * Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */
#include <glib.h>
#include <string.h>
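/*
 * g_memdup2:
 * @mem: (nullable): the memory to copy.
 * @byte_size: the number of bytes to copy.
 *
 * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
 * from @mem. If @mem is %NULL, or if @byte_size is 0, it returns %NULL
 * without allocating anything.
 *
 * This replaces g_memdup(), which was prone to integer overflows when
 * converting the argument from a #gsize to a #guint: a large @byte_size
 * could be silently truncated, giving an allocation smaller than the
 * number of bytes subsequently copied into it.
 *
 * This static inline version is a backport of the new public API from
 * GLib 2.68, kept internal to GLib for backport to older stable releases.
 * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
 *
 * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
 * or %NULL if @mem is %NULL or @byte_size is 0. The caller owns the
 * returned allocation (it comes from g_malloc()).
 * Since: 2.68
 */
static inline gpointer
g_memdup2 (gconstpointer mem,
           gsize         byte_size)
{
  gpointer copy;

  /* A NULL source and an empty copy are both answered with NULL, so
   * memcpy() below is never reached with a NULL pointer or a zero length. */
  if (mem == NULL || byte_size == 0)
    return NULL;

  /* @byte_size stays a gsize end-to-end: the allocation and the copy are
   * sized by the same untruncated value, which is the whole point of this
   * function compared to g_memdup(). */
  copy = g_malloc (byte_size);
  memcpy (copy, mem, byte_size);

  return copy;
}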
|