Fix CVE-2024-52533
(cherry picked from commit ed88102eea5138634221fcd1603d83c88cc9e1f9)
This commit is contained in:
李宁杰
openeuler-sync-bot
parent
2755f42442
commit
84fa322859
44
backport-CVE-2024-52533.patch
Normal file
44
backport-CVE-2024-52533.patch
Normal file
@ -0,0 +1,44 @@
|
||||
From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Catanzaro <mcatanzaro@redhat.com>
|
||||
Date: Thu, 19 Sep 2024 18:35:53 +0100
|
||||
Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
|
||||
messages
|
||||
|
||||
`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
|
||||
byte in the connect message, which is an addition in SOCKSv4a vs
|
||||
SOCKSv4.
|
||||
|
||||
This means that the buffer for building and transmitting the connect
|
||||
message could be overflowed if the username and hostname are both
|
||||
`SOCKS4_MAX_LEN` (255) bytes long.
|
||||
|
||||
Proxy configurations are normally statically configured, so the username
|
||||
is very unlikely to be near its maximum length, and hence this overflow
|
||||
is unlikely to be triggered in practice.
|
||||
|
||||
(Commit message by Philip Withnall, diagnosis and fix by Michael
|
||||
Catanzaro.)
|
||||
|
||||
Fixes: #3461
|
||||
---
|
||||
gio/gsocks4aproxy.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
|
||||
index 3dad118eb7..b3146d08fd 100644
|
||||
--- a/gio/gsocks4aproxy.c
|
||||
+++ b/gio/gsocks4aproxy.c
|
||||
@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
|
||||
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
|
||||
* | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL |
|
||||
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
|
||||
- * 1 1 2 4 variable 1 variable
|
||||
+ * 1 1 2 4 variable 1 variable 1
|
||||
*/
|
||||
-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2)
|
||||
+#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2)
|
||||
static gint
|
||||
set_connect_msg (guint8 *msg,
|
||||
const gchar *hostname,
|
||||
--
|
||||
GitLab
|
||||
@ -1,6 +1,6 @@
|
||||
Name: glib2
|
||||
Version: 2.78.3
|
||||
Release: 5
|
||||
Release: 6
|
||||
Summary: The core library that forms the basis for projects such as GTK+ and GNOME
|
||||
License: LGPLv2+
|
||||
URL: https://www.gtk.org
|
||||
@ -18,6 +18,7 @@ Patch6004: backport-gsocketclient-Fix-a-use-after-free-in-g_socket_client_conne
|
||||
Patch6005: backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patch
|
||||
Patch6006: backport-gresources-fix-memory-leak-from-libelf.patch
|
||||
Patch6007: Correct-translation-information.patch
|
||||
Patch6008: backport-CVE-2024-52533.patch
|
||||
|
||||
BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter
|
||||
BUildRequires: glibc-devel libattr-devel libselinux-devel meson
|
||||
@ -202,6 +203,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Nov 12 2024 liningjie <liningjie@xfusion.com> - 2.78.3-6
|
||||
- Fix CVE-2024-52533
|
||||
|
||||
* Fri Oct 25 2024 GuoCe <guoce@kylinos.cn> - 2.78.3-5
|
||||
- Correct translation information
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user