summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/glib-CVE-2021-27219-16.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/glib-CVE-2021-27219-16.patch')
-rw-r--r--gnu/packages/patches/glib-CVE-2021-27219-16.patch43
1 files changed, 43 insertions, 0 deletions
diff --git a/gnu/packages/patches/glib-CVE-2021-27219-16.patch b/gnu/packages/patches/glib-CVE-2021-27219-16.patch
new file mode 100644
index 0000000000..43635e72ed
--- /dev/null
+++ b/gnu/packages/patches/glib-CVE-2021-27219-16.patch
@@ -0,0 +1,43 @@
+From cb9ee701ef46c1819eed4e2a4dc181682bdfc176 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Wed, 10 Feb 2021 21:16:39 +0000
+Subject: [PATCH 1/3] gkeyfilesettingsbackend: Fix basename handling when group
+ is unset
+
+Fix an effective regression in commit
+7781a9cbd2fd0aa84bee0f4eee88470640ff6706, which happens when
+`convert_path()` is called with a `key` which contains no slashes. In
+that case, the `key` is entirely the `basename`.
+
+Prior to commit 7781a9cb, the code worked through a fluke of `i == -1`
+cancelling out with the various additions in the `g_memdup()` call, and
+effectively resulting in `g_strdup (key)`.
+
+Spotted by Guido Berhoerster.
+
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+---
+ gio/gkeyfilesettingsbackend.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
+index 25b057672..861c3a661 100644
+--- a/gio/gkeyfilesettingsbackend.c
++++ b/gio/gkeyfilesettingsbackend.c
+@@ -185,7 +185,12 @@ convert_path (GKeyfileSettingsBackend *kfsb,
+ }
+
+ if (basename)
+- *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
++ {
++ if (last_slash != NULL)
++ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
++ else
++ *basename = g_strdup (key);
++ }
+
+ return TRUE;
+ }
+--
+2.30.1
+