diff options
Diffstat (limited to 'gnu/packages/patches/glib-CVE-2021-27219-16.patch')
-rw-r--r-- | gnu/packages/patches/glib-CVE-2021-27219-16.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/gnu/packages/patches/glib-CVE-2021-27219-16.patch b/gnu/packages/patches/glib-CVE-2021-27219-16.patch new file mode 100644 index 0000000000..43635e72ed --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-16.patch @@ -0,0 +1,43 @@ +From cb9ee701ef46c1819eed4e2a4dc181682bdfc176 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 10 Feb 2021 21:16:39 +0000 +Subject: [PATCH 1/3] gkeyfilesettingsbackend: Fix basename handling when group + is unset + +Fix an effective regression in commit +7781a9cbd2fd0aa84bee0f4eee88470640ff6706, which happens when +`convert_path()` is called with a `key` which contains no slashes. In +that case, the `key` is entirely the `basename`. + +Prior to commit 7781a9cb, the code worked through a fluke of `i == -1` +cancelling out with the various additions in the `g_memdup()` call, and +effectively resulting in `g_strdup (key)`. + +Spotted by Guido Berhoerster. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +--- + gio/gkeyfilesettingsbackend.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index 25b057672..861c3a661 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -185,7 +185,12 @@ convert_path (GKeyfileSettingsBackend *kfsb, + } + + if (basename) +- *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); ++ { ++ if (last_slash != NULL) ++ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); ++ else ++ *basename = g_strdup (key); ++ } + + return TRUE; + } +-- +2.30.1 + |