packages/glib2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2024-52533

Browse Source 
(cherry picked from commit ed88102eea5138634221fcd1603d83c88cc9e1f9)
This commit is contained in:
李宁杰 2024-11-12 01:32:49 +00:00 committed by openeuler-sync-bot
parent 2755f42442
commit 84fa322859
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
backport-CVE-2024-52533.patch Normal file
View File

@ -0,0 +1,44 @@
From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Thu, 19 Sep 2024 18:35:53 +0100
Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
messages
`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
byte in the connect message, which is an addition in SOCKSv4a vs
SOCKSv4.
This means that the buffer for building and transmitting the connect
message could be overflowed if the username and hostname are both
`SOCKS4_MAX_LEN` (255) bytes long.
Proxy configurations are normally statically configured, so the username
is very unlikely to be near its maximum length, and hence this overflow
is unlikely to be triggered in practice.
(Commit message by Philip Withnall, diagnosis and fix by Michael
Catanzaro.)
Fixes: #3461
---
gio/gsocks4aproxy.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
index 3dad118eb7..b3146d08fd 100644
--- a/gio/gsocks4aproxy.c
+++ b/gio/gsocks4aproxy.c
@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
* | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL |
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
- * 1 1 2 4 variable 1 variable
+ * 1 1 2 4 variable 1 variable 1
*/
-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2)
+#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2)
static gint
set_connect_msg (guint8 *msg,
const gchar *hostname,
--
GitLab

6
glib2.spec
View File

@ -1,6 +1,6 @@
Name: glib2 Name: glib2
Version: 2.78.3 Version: 2.78.3
Release: 5 Release: 6
Summary: The core library that forms the basis for projects such as GTK+ and GNOME Summary: The core library that forms the basis for projects such as GTK+ and GNOME
License: LGPLv2+ License: LGPLv2+
URL: https://www.gtk.org URL: https://www.gtk.org
@ -18,6 +18,7 @@ Patch6004: backport-gsocketclient-Fix-a-use-after-free-in-g_socket_client_conne
Patch6005: backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patch Patch6005: backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patch
Patch6006: backport-gresources-fix-memory-leak-from-libelf.patch Patch6006: backport-gresources-fix-memory-leak-from-libelf.patch
Patch6007: Correct-translation-information.patch Patch6007: Correct-translation-information.patch
Patch6008: backport-CVE-2024-52533.patch
BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter
BUildRequires: glibc-devel libattr-devel libselinux-devel meson BUildRequires: glibc-devel libattr-devel libselinux-devel meson
@ -202,6 +203,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%endif %endif
%changelog %changelog
* Tue Nov 12 2024 liningjie <liningjie@xfusion.com> - 2.78.3-6
- Fix CVE-2024-52533
* Fri Oct 25 2024 GuoCe <guoce@kylinos.cn> - 2.78.3-5 * Fri Oct 25 2024 GuoCe <guoce@kylinos.cn> - 2.78.3-5
- Correct translation information - Correct translation information