Accepting request 876818 from home:mgorse:branches:GNOME:Factory

- Add evolution-data-server-boo1182882.patch: fix buffer overrun when parsing base64 data (boo#1182882). OBS-URL: https://build.opensuse.org/request/show/876818 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/evolution-data-server?expand=0&rev=389
2021-03-18 18:31:14 +00:00 · 2021-03-18 18:31:14 +00:00 · 40a1b6477c
commit 40a1b6477c
parent 30a0d815db
3 changed files with 60 additions and 0 deletions
--- a/evolution-data-server-boo1182882.patch
+++ b/evolution-data-server-boo1182882.patch
@ -0,0 +1,52 @@
+From b0731961dca6ca2ee4a11b708545d58ff4948093 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 2 Mar 2021 12:26:09 +0100
+Subject: [PATCH] Allocate large-enough buffer for g_base64_decode_step()
+
+---
+ src/camel/camel-mime-filter-basic.c | 8 ++------
+ src/camel/camel-mime-utils.c        | 2 +-
+ 2 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/camel/camel-mime-filter-basic.c b/src/camel/camel-mime-filter-basic.c
+index b13276264..8187fabd4 100644
+--- a/src/camel/camel-mime-filter-basic.c
+++ b/src/camel/camel-mime-filter-basic.c
+@@ -83,8 +83,7 @@ mime_filter_basic_filter (CamelMimeFilter *mime_filter,
+ 		g_return_if_fail (newlen <= (len + 2) * 2 + 62);
+ 		break;
+ 	case CAMEL_MIME_FILTER_BASIC_BASE64_DEC:
+-		/* output can't possibly exceed the input size */
+-		camel_mime_filter_set_size (mime_filter, len + 3, FALSE);
+		camel_mime_filter_set_size (mime_filter, (len * 3 / 4) + 3, FALSE);
+ 		newlen = g_base64_decode_step (
+ 			in, len,
+ 			(guchar *) mime_filter->outbuf,
+@@ -225,10 +224,7 @@ mime_filter_basic_complete (CamelMimeFilter *mime_filter,
+ 		g_return_if_fail (newlen <= (len + 2) * 2 + 62);
+ 		break;
+ 	case CAMEL_MIME_FILTER_BASIC_BASE64_DEC:
+-		/* Output can't possibly exceed the input size, but add 1,
+-		   to make sure the mime_filter->outbuf will not be NULL,
+-		   in case the input stream is empty. */
+-		camel_mime_filter_set_size (mime_filter, len + 1, FALSE);
+		camel_mime_filter_set_size (mime_filter, (len * 3 / 4) + 3, FALSE);
+ 		newlen = g_base64_decode_step (
+ 			in, len,
+ 			(guchar *) mime_filter->outbuf,
+diff --git a/src/camel/camel-mime-utils.c b/src/camel/camel-mime-utils.c
+index 3394707e2..31024f5d4 100644
+--- a/src/camel/camel-mime-utils.c
+++ b/src/camel/camel-mime-utils.c
+@@ -1186,7 +1186,7 @@ rfc2047_decode_word (const gchar *in,
+ 	case 'B':
+ 	case 'b':
+ 		inptr += 2;
+-		decoded = g_alloca (inend - inptr);
+		decoded = g_alloca (((inend - inptr) * 3 / 4) + 3);
+ 		declen = g_base64_decode_step ((gchar *) inptr, inend - inptr, decoded, &state, &save);
+ 		break;
+ 	case 'Q':
+-- 
+2.30.1
+
--- a/evolution-data-server.changes
+++ b/evolution-data-server.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Mar  3 21:08:31 UTC 2021 - Michael Gorse <mgorse@suse.com>
+
+- Add evolution-data-server-boo1182882.patch: fix buffer overrun
+  when parsing base64 data (boo#1182882).
+
 -------------------------------------------------------------------
 Fri Feb 12 17:08:42 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>

--- a/evolution-data-server.spec
+++ b/evolution-data-server.spec
@ -40,6 +40,8 @@ Group:          Development/Libraries/GNOME
 URL:            https://wiki.gnome.org/Apps/Evolution
 Source0:        https://download.gnome.org/sources/evolution-data-server/3.38/%{name}-%{version}.tar.xz
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM evolution-data-server-boo1182882.patch boo#1182882 mgorse@suse.com -- fix buffer overrun when decoding base64 data.
+Patch0:         evolution-data-server-boo1182882.patch

 BuildRequires:  cmake
 BuildRequires:  db-devel