me
/
guix
Archived
1
0
Fork 0

gnu: glib: Make some cosmetic changes.

* gnu/packages/patches/glib-CVE-2021-27218.patch
gnu/packages/patches/glib-CVE-2021-27219-01.patch
gnu/packages/patches/glib-CVE-2021-27219-02.patch
gnu/packages/patches/glib-CVE-2021-27219-03.patch
gnu/packages/patches/glib-CVE-2021-27219-04.patch
gnu/packages/patches/glib-CVE-2021-27219-05.patch
gnu/packages/patches/glib-CVE-2021-27219-06.patch
gnu/packages/patches/glib-CVE-2021-27219-07.patch
gnu/packages/patches/glib-CVE-2021-27219-08.patch
gnu/packages/patches/glib-CVE-2021-27219-09.patch
gnu/packages/patches/glib-CVE-2021-27219-10.patch
gnu/packages/patches/glib-CVE-2021-27219-11.patch
gnu/packages/patches/glib-CVE-2021-27219-12.patch
gnu/packages/patches/glib-CVE-2021-27219-13.patch
gnu/packages/patches/glib-CVE-2021-27219-14.patch
gnu/packages/patches/glib-CVE-2021-27219-15.patch
gnu/packages/patches/glib-CVE-2021-27219-16.patch
gnu/packages/patches/glib-CVE-2021-27219-17.patch
gnu/packages/patches/glib-CVE-2021-27219-18.patch
gnu/packages/patches/glib-CVE-2021-28153.patch: Remove patches.
* gnu/local.mk (dist_patch_DATA): Unregister them.
* gnu/packages/glib.scm (glib): Make some cosmetic changes.
[replacement]: Remove.
(glib/fixed): Remove.

Signed-off-by: Léo Le Bouter <lle-bout@zaclys.net>
master
Raghav Gururajan 2021-03-11 06:39:29 -05:00
parent c2366b9481
commit 993de472ed
No known key found for this signature in database
GPG Key ID: 45A8B1E86BCD10A6
22 changed files with 202 additions and 2632 deletions

View File

@ -1082,26 +1082,6 @@ dist_patch_DATA = \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \ %D%/packages/patches/ghostscript-no-header-creationdate.patch \
%D%/packages/patches/glib-appinfo-watch.patch \ %D%/packages/patches/glib-appinfo-watch.patch \
%D%/packages/patches/glib-tests-timer.patch \ %D%/packages/patches/glib-tests-timer.patch \
%D%/packages/patches/glib-CVE-2021-27218.patch \
%D%/packages/patches/glib-CVE-2021-27219-01.patch \
%D%/packages/patches/glib-CVE-2021-27219-02.patch \
%D%/packages/patches/glib-CVE-2021-27219-03.patch \
%D%/packages/patches/glib-CVE-2021-27219-04.patch \
%D%/packages/patches/glib-CVE-2021-27219-05.patch \
%D%/packages/patches/glib-CVE-2021-27219-06.patch \
%D%/packages/patches/glib-CVE-2021-27219-07.patch \
%D%/packages/patches/glib-CVE-2021-27219-08.patch \
%D%/packages/patches/glib-CVE-2021-27219-09.patch \
%D%/packages/patches/glib-CVE-2021-27219-10.patch \
%D%/packages/patches/glib-CVE-2021-27219-11.patch \
%D%/packages/patches/glib-CVE-2021-27219-12.patch \
%D%/packages/patches/glib-CVE-2021-27219-13.patch \
%D%/packages/patches/glib-CVE-2021-27219-14.patch \
%D%/packages/patches/glib-CVE-2021-27219-15.patch \
%D%/packages/patches/glib-CVE-2021-27219-16.patch \
%D%/packages/patches/glib-CVE-2021-27219-17.patch \
%D%/packages/patches/glib-CVE-2021-27219-18.patch \
%D%/packages/patches/glib-CVE-2021-28153.patch \
%D%/packages/patches/glibc-CVE-2018-11236.patch \ %D%/packages/patches/glibc-CVE-2018-11236.patch \
%D%/packages/patches/glibc-CVE-2018-11237.patch \ %D%/packages/patches/glibc-CVE-2018-11237.patch \
%D%/packages/patches/glibc-CVE-2019-7309.patch \ %D%/packages/patches/glibc-CVE-2019-7309.patch \

View File

@ -172,46 +172,42 @@ shared NFS home directories.")
(package (package
(name "glib") (name "glib")
(version "2.62.6") (version "2.62.6")
(replacement glib/fixed) (source
(source (origin (origin
(method url-fetch) (method url-fetch)
(uri (string-append "mirror://gnome/sources/" (uri
(string-append "mirror://gnome/sources/"
name "/" (string-take version 4) "/" name "/" (string-take version 4) "/"
name "-" version ".tar.xz")) name "-" version ".tar.xz"))
(sha256 (sha256
(base32 (base32 "174bsmbmcvaw69ff9g60q5sx0fn23rkhqcwqz17h5s7sprps4kqh"))
"174bsmbmcvaw69ff9g60q5sx0fn23rkhqcwqz17h5s7sprps4kqh")) (patches
(patches (search-patches "glib-appinfo-watch.patch" (search-patches "glib-tests-timer.patch" "glib-appinfo-watch.patch"))
"glib-tests-timer.patch"))
(modules '((guix build utils))) (modules '((guix build utils)))
(snippet (snippet
'(begin '(begin
(substitute* "tests/spawn-test.c" (substitute* "tests/spawn-test.c"
(("/bin/sh") "sh")) (("/bin/sh") "sh"))
#t)))) #t))))
(properties '((hidden? . #t)))
(build-system meson-build-system) (build-system meson-build-system)
(outputs '("out" ; everything (outputs '("out" ; everything
"bin" ; glib-mkenums, gtester, etc.; depends on Python "bin")) ; glib-mkenums, gtester, etc.; depends on Python
"debug"))
(propagated-inputs
`(("pcre" ,pcre) ; in the Requires.private field of glib-2.0.pc
("libffi" ,libffi) ; in the Requires.private field of gobject-2.0.pc
;; These are in the Requires.private field of gio-2.0.pc
("util-linux" ,util-linux "lib") ;for libmount
("zlib" ,zlib)))
(native-inputs
`(("gettext" ,gettext-minimal)
("m4" ,m4) ; for installing m4 macros
("dbus" ,dbus) ; for GDBus tests
("pkg-config" ,pkg-config)
("python" ,python-minimal-wrapper)
("perl" ,perl) ; needed by GIO tests
("tzdata" ,tzdata-for-tests))) ; for tests/gdatetime.c
(arguments (arguments
`(#:disallowed-references (,tzdata-for-tests) `(#:disallowed-references (,tzdata-for-tests)
#:configure-flags '("-Dselinux=disabled")
#:phases #:phases
(modify-phases %standard-phases (modify-phases %standard-phases
;; TODO: Remove the conditional in the next core-updates cycle.
;; Needed to build glib on slower ARM nodes.
,@(if (string-prefix? "arm" (%current-system))
`((add-after 'unpack 'increase-test-timeout
(lambda _
(substitute* "meson.build"
(("test_timeout = 60")
"test_timeout = 90")
(("test_timeout_slow = 120")
"test_timeout_slow = 180")))))
'())
(add-after 'unpack 'patch-dbus-launch-path (add-after 'unpack 'patch-dbus-launch-path
(lambda* (#:key inputs #:allow-other-keys) (lambda* (#:key inputs #:allow-other-keys)
(let ((dbus (assoc-ref inputs "dbus"))) (let ((dbus (assoc-ref inputs "dbus")))
@ -229,24 +225,12 @@ shared NFS home directories.")
(("gio-launch-desktop") (("gio-launch-desktop")
(string-append out "/libexec/gio-launch-desktop"))) (string-append out "/libexec/gio-launch-desktop")))
#t))) #t)))
;; TODO: Remove the conditional in the next core-updates cycle.
;; Needed to build glib on slower ARM nodes.
,@(if (string-prefix? "arm" (%current-system))
`((add-after 'unpack 'increase-test-timeout
(lambda _
(substitute* "meson.build"
(("test_timeout = 60")
"test_timeout = 120")
(("test_timeout_slow = 120")
"test_timeout_slow = 180")))))
'())
(add-before 'build 'pre-build (add-before 'build 'pre-build
(lambda* (#:key inputs outputs #:allow-other-keys) (lambda* (#:key inputs outputs #:allow-other-keys)
;; For tests/gdatetime.c. ;; For tests/gdatetime.c.
(setenv "TZDIR" (setenv "TZDIR"
(string-append (assoc-ref inputs "tzdata") (string-append (assoc-ref inputs "tzdata")
"/share/zoneinfo")) "/share/zoneinfo"))
;; Some tests want write access there. ;; Some tests want write access there.
(setenv "HOME" (getcwd)) (setenv "HOME" (getcwd))
(setenv "XDG_CACHE_HOME" (getcwd)) (setenv "XDG_CACHE_HOME" (getcwd))
@ -265,37 +249,31 @@ shared NFS home directories.")
(substitute test-file pattern+procs))) (substitute test-file pattern+procs)))
(failing-tests (failing-tests
'(("glib/tests/thread.c" '(("glib/tests/thread.c"
(;; prlimit(2) returns ENOSYS on Linux 2.6.32-5-xen-amd64 ( ;; prlimit(2) returns ENOSYS on Linux 2.6.32-5-xen-amd64
;; as found on hydra.gnu.org, and strace(1) doesn't ;; as found on hydra.gnu.org, and strace(1) doesn't
;; recognize it. ;; recognize it.
"/thread/thread4")) "/thread/thread4"))
;; This tries to find programs in FHS directories. ;; This tries to find programs in FHS directories.
("glib/tests/utils.c" ("glib/tests/utils.c"
("/utils/find-program")) ("/utils/find-program"))
;; This fails because "glib/tests/echo-script" cannot be ;; This fails because "glib/tests/echo-script" cannot be
;; found. ;; found.
("glib/tests/spawn-singlethread.c" ("glib/tests/spawn-singlethread.c"
("/gthread/spawn-script")) ("/gthread/spawn-script"))
("glib/tests/timer.c" ("glib/tests/timer.c"
(;; fails if compiler optimizations are enabled, which they ( ;; fails if compiler optimizations are enabled, which they
;; are by default. ;; are by default.
"/timer/stop")) "/timer/stop"))
("gio/tests/gapplication.c" ("gio/tests/gapplication.c"
(;; XXX: proven to be unreliable. See: ( ;; XXX: proven to be unreliable. See:
;; <https://bugs.debian.org/756273> ;; <https://bugs.debian.org/756273>
;; <http://bugs.gnu.org/18445> ;; <http://bugs.gnu.org/18445>
"/gapplication/quit" "/gapplication/quit"
;; XXX: fails randomly for unknown reason. See: ;; XXX: fails randomly for unknown reason. See:
;; <https://lists.gnu.org/archive/html/guix-devel/2016-04/msg00215.html> ;; <https://lists.gnu.org/archive/html/guix-devel/2016-04/msg00215.html>
"/gapplication/local-actions")) "/gapplication/local-actions"))
("gio/tests/contenttype.c" ("gio/tests/contenttype.c"
(;; XXX: requires shared-mime-info. ( ;; XXX: requires shared-mime-info.
"/contenttype/guess" "/contenttype/guess"
"/contenttype/guess_svg_from_data" "/contenttype/guess_svg_from_data"
"/contenttype/subtype" "/contenttype/subtype"
@ -303,44 +281,34 @@ shared NFS home directories.")
"/contenttype/icon" "/contenttype/icon"
"/contenttype/symbolic-icon" "/contenttype/symbolic-icon"
"/contenttype/tree")) "/contenttype/tree"))
("gio/tests/appinfo.c" ("gio/tests/appinfo.c"
(;; XXX: requires update-desktop-database. ( ;; XXX: requires update-desktop-database.
"/appinfo/associations")) "/appinfo/associations"))
("gio/tests/desktop-app-info.c" ("gio/tests/desktop-app-info.c"
(;; XXX: requires update-desktop-database. ( ;; XXX: requires update-desktop-database.
"/desktop-app-info/delete" "/desktop-app-info/delete"
"/desktop-app-info/default" "/desktop-app-info/default"
"/desktop-app-info/fallback" "/desktop-app-info/fallback"
"/desktop-app-info/lastused" "/desktop-app-info/lastused"
"/desktop-app-info/search")) "/desktop-app-info/search"))
("gio/tests/gdbus-peer.c" ("gio/tests/gdbus-peer.c"
(;; Requires /etc/machine-id. ( ;; Requires /etc/machine-id.
"/gdbus/codegen-peer-to-peer")) "/gdbus/codegen-peer-to-peer"))
("gio/tests/gdbus-address-get-session.c" ("gio/tests/gdbus-address-get-session.c"
(;; Requires /etc/machine-id. ( ;; Requires /etc/machine-id.
"/gdbus/x11-autolaunch")) "/gdbus/x11-autolaunch"))
("gio/tests/gsocketclient-slow.c" ("gio/tests/gsocketclient-slow.c"
(;; These tests tries to resolve "localhost", and fails. ( ;; These tests tries to resolve "localhost", and fails.
"/socket-client/happy-eyeballs/slow" "/socket-client/happy-eyeballs/slow"
"/socket-client/happy-eyeballs/cancellation/delayed")) "/socket-client/happy-eyeballs/cancellation/delayed")))))
)))
(for-each (lambda (x) (apply disable x)) failing-tests) (for-each (lambda (x) (apply disable x)) failing-tests)
#t))) #t)))
(replace 'check (replace 'check
(lambda* (#:key tests? #:allow-other-keys) (lambda _
(if tests?
(begin
(setenv "MESON_TESTTHREADS" (setenv "MESON_TESTTHREADS"
(number->string (parallel-job-count))) (number->string (parallel-job-count)))
;; Do not run tests marked as "flaky". ;; Do not run tests marked as "flaky".
(invoke "meson" "test" "--no-suite" "flaky")) (invoke "meson" "test" "--no-suite" "flaky")))
#t)))
;; TODO: meson does not permit the bindir to be outside of prefix. ;; TODO: meson does not permit the bindir to be outside of prefix.
;; See https://github.com/mesonbuild/meson/issues/2561 ;; See https://github.com/mesonbuild/meson/issues/2561
;; We can remove this once meson is patched. ;; We can remove this once meson is patched.
@ -371,13 +339,26 @@ shared NFS home directories.")
;; #:configure-flags (list (string-append "--bindir=" ;; #:configure-flags (list (string-append "--bindir="
;; (assoc-ref %outputs "bin") ;; (assoc-ref %outputs "bin")
;; "/bin")) ;; "/bin"))
(native-inputs
`(("dbus" ,dbus) ; for GDBus tests
("gettext" ,gettext-minimal)
("m4" ,m4) ; for installing m4 macros
("perl" ,perl) ; needed by GIO tests
("pkg-config" ,pkg-config)
("python" ,python-wrapper)
("tzdata" ,tzdata-for-tests))) ; for tests/gdatetime.c
(propagated-inputs
`(("libffi" ,libffi) ; in the Requires.private field of gobject-2.0.pc
("pcre" ,pcre) ; in the Requires.private field of glib-2.0.pc
("util-linux" ,util-linux "lib") ;for libmount
("zlib" ,zlib))) ; in the Requires.private field of glib-2.0.pc
(native-search-paths (native-search-paths
;; This variable is not really "owned" by GLib, but several related ;; This variable is not really "owned" by GLib, but several related
;; packages refer to it: gobject-introspection's tools use it as a search ;; packages refer to it: gobject-introspection's tools use it as a search
;; path for .gir files, and it's also a search path for schemas produced ;; path for .gir files, and it's also a search path for schemas produced
;; by 'glib-compile-schemas'. ;; by 'glib-compile-schemas'.
(list (search-path-specification (list
(search-path-specification
(variable "XDG_DATA_DIRS") (variable "XDG_DATA_DIRS")
(files '("share"))) (files '("share")))
;; To load extra gio modules from glib-networking, etc. ;; To load extra gio modules from glib-networking, etc.
@ -385,44 +366,13 @@ shared NFS home directories.")
(variable "GIO_EXTRA_MODULES") (variable "GIO_EXTRA_MODULES")
(files '("lib/gio/modules"))))) (files '("lib/gio/modules")))))
(search-paths native-search-paths) (search-paths native-search-paths)
(properties '((hidden? . #t)))
(synopsis "Thread-safe general utility library; basis of GTK+ and GNOME") (synopsis "Thread-safe general utility library; basis of GTK+ and GNOME")
(description (description "GLib provides data structure handling for C, portability
"GLib provides data structure handling for C, portability wrappers, wrappers, and interfaces for such runtime functionality as an event loop,
and interfaces for such runtime functionality as an event loop, threads, threads, dynamic loading, and an object system.")
dynamic loading, and an object system.")
(home-page "https://developer.gnome.org/glib/") (home-page "https://developer.gnome.org/glib/")
(license license:lgpl2.1+))) (license license:lgpl2.1+)))
(define glib/fixed
(package
(inherit glib)
(source (origin
(inherit (package-source glib))
(patches
(append (search-patches "glib-CVE-2021-27218.patch"
"glib-CVE-2021-27219-01.patch"
"glib-CVE-2021-27219-02.patch"
"glib-CVE-2021-27219-03.patch"
"glib-CVE-2021-27219-04.patch"
"glib-CVE-2021-27219-05.patch"
"glib-CVE-2021-27219-06.patch"
"glib-CVE-2021-27219-07.patch"
"glib-CVE-2021-27219-08.patch"
"glib-CVE-2021-27219-09.patch"
"glib-CVE-2021-27219-10.patch"
"glib-CVE-2021-27219-11.patch"
"glib-CVE-2021-27219-12.patch"
"glib-CVE-2021-27219-13.patch"
"glib-CVE-2021-27219-14.patch"
"glib-CVE-2021-27219-15.patch"
"glib-CVE-2021-27219-16.patch"
"glib-CVE-2021-27219-17.patch"
"glib-CVE-2021-27219-18.patch"
"glib-CVE-2021-28153.patch")
(origin-patches (package-source glib))))))))
(define-public glib-with-documentation (define-public glib-with-documentation
;; glib's doc must be built in a separate package since it requires gtk-doc, ;; glib's doc must be built in a separate package since it requires gtk-doc,
;; which in turn depends on glib. ;; which in turn depends on glib.

View File

@ -1,132 +0,0 @@
Backport of:
From 0f384c88a241bbbd884487b1c40b7b75f1e638d3 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <qdlacz@gmail.com>
Date: Wed, 10 Feb 2021 23:51:07 +0100
Subject: [PATCH] gbytearray: Do not accept too large byte arrays
GByteArray uses guint for storing the length of the byte array, but it
also has a constructor (g_byte_array_new_take) that takes length as a
gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits
for guint). It is possible to call the function with a value greater
than G_MAXUINT, which will result in silent length truncation. This
may happen as a result of unreffing GBytes into GByteArray, so rather
be loud about it.
(Test case tweaked by Philip Withnall.)
(Backport 2.66: Add #include gstrfuncsprivate.h in the test case for
`g_memdup2()`.)
---
glib/garray.c | 6 ++++++
glib/gbytes.c | 4 ++++
glib/tests/bytes.c | 35 ++++++++++++++++++++++++++++++++++-
3 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/glib/garray.c b/glib/garray.c
index 942e74c9f..fb1a42aaf 100644
--- a/glib/garray.c
+++ b/glib/garray.c
@@ -2013,6 +2013,10 @@ g_byte_array_new (void)
* Create byte array containing the data. The data will be owned by the array
* and will be freed with g_free(), i.e. it could be allocated using g_strdup().
*
+ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray
+ * stores the length of its data in #guint, which may be shorter than
+ * #gsize.
+ *
* Since: 2.32
*
* Returns: (transfer full): a new #GByteArray
@@ -2024,6 +2028,8 @@ g_byte_array_new_take (guint8 *data,
GByteArray *array;
GRealArray *real;
+ g_return_val_if_fail (len <= G_MAXUINT, NULL);
+
array = g_byte_array_new ();
real = (GRealArray *)array;
g_assert (real->data == NULL);
diff --git a/glib/gbytes.c b/glib/gbytes.c
index 7b72886e5..d56abe6c3 100644
--- a/glib/gbytes.c
+++ b/glib/gbytes.c
@@ -519,6 +519,10 @@ g_bytes_unref_to_data (GBytes *bytes,
* g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all
* other cases the data is copied.
*
+ * Do not use it if @bytes contains more than %G_MAXUINT
+ * bytes. #GByteArray stores the length of its data in #guint, which
+ * may be shorter than #gsize, that @bytes is using.
+ *
* Returns: (transfer full): a new mutable #GByteArray containing the same byte data
*
* Since: 2.32
diff --git a/glib/tests/bytes.c b/glib/tests/bytes.c
index 5ea5c2b35..15a6aaad6 100644
--- a/glib/tests/bytes.c
+++ b/glib/tests/bytes.c
@@ -10,12 +10,12 @@
*/
#undef G_DISABLE_ASSERT
-#undef G_LOG_DOMAIN
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "glib.h"
+#include "glib/gstrfuncsprivate.h"
/* Keep in sync with glib/gbytes.c */
struct _GBytes
@@ -333,6 +333,38 @@ test_to_array_transferred (void)
g_byte_array_unref (array);
}
+static void
+test_to_array_transferred_oversize (void)
+{
+ g_test_message ("g_bytes_unref_to_array() can only take GBytes up to "
+ "G_MAXUINT in length; test that longer ones are rejected");
+
+ if (sizeof (guint) >= sizeof (gsize))
+ {
+ g_test_skip ("Skipping test as guint is not smaller than gsize");
+ }
+ else if (g_test_undefined ())
+ {
+ GByteArray *array = NULL;
+ GBytes *bytes = NULL;
+ gpointer data = g_memdup2 (NYAN, N_NYAN);
+ gsize len = ((gsize) G_MAXUINT) + 1;
+
+ bytes = g_bytes_new_take (data, len);
+ g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL,
+ "g_byte_array_new_take: assertion 'len <= G_MAXUINT' failed");
+ array = g_bytes_unref_to_array (g_steal_pointer (&bytes));
+ g_test_assert_expected_messages ();
+ g_assert_null (array);
+
+ g_free (data);
+ }
+ else
+ {
+ g_test_skip ("Skipping test as testing undefined behaviour is disabled");
+ }
+}
+
static void
test_to_array_two_refs (void)
{
@@ -410,6 +442,7 @@ main (int argc, char *argv[])
g_test_add_func ("/bytes/to-array/transfered", test_to_array_transferred);
g_test_add_func ("/bytes/to-array/two-refs", test_to_array_two_refs);
g_test_add_func ("/bytes/to-array/non-malloc", test_to_array_non_malloc);
+ g_test_add_func ("/bytes/to-array/transferred/oversize", test_to_array_transferred_oversize);
g_test_add_func ("/bytes/null", test_null);
return g_test_run ();
--
2.30.1

View File

@ -1,176 +0,0 @@
Backport of:
From 5e5f75a77e399c638be66d74e5daa8caeb433e00 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:30:52 +0000
Subject: [PATCH 01/11] gstrfuncs: Add internal g_memdup2() function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This will replace the existing `g_memdup()` function for use within
GLib. It has an unavoidable security flaw of taking its `byte_size`
argument as a `guint` rather than as a `gsize`. Most callers will
expect it to be a `gsize`, and may pass in large values which could
silently be truncated, resulting in an undersize allocation compared
to what the caller expects.
This could lead to a classic buffer overflow vulnerability for many
callers of `g_memdup()`.
`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.
Spotted by Kevin Backhouse of GHSL.
In GLib 2.68, `g_memdup2()` will be a new public API. In this version
for backport to older stable releases, its a new `static inline` API
in a private header, so that use of `g_memdup()` within GLib can be
fixed without adding a new API in a stable release series.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: GHSL-2021-045
Helps: #2319
---
docs/reference/glib/meson.build | 1 +
glib/gstrfuncsprivate.h | 55 +++++++++++++++++++++++++++++++++
glib/meson.build | 1 +
glib/tests/strfuncs.c | 23 ++++++++++++++
4 files changed, 80 insertions(+)
create mode 100644 glib/gstrfuncsprivate.h
diff --git a/docs/reference/glib/meson.build b/docs/reference/glib/meson.build
index bba7649f0..ee39f6d04 100644
--- a/docs/reference/glib/meson.build
+++ b/docs/reference/glib/meson.build
@@ -22,6 +22,7 @@ if get_option('gtk_doc')
'gprintfint.h',
'gmirroringtable.h',
'gscripttable.h',
+ 'gstrfuncsprivate.h',
'glib-mirroring-tab',
'gnulib',
'pcre',
diff --git a/glib/gstrfuncsprivate.h b/glib/gstrfuncsprivate.h
new file mode 100644
index 000000000..85c88328a
--- /dev/null
+++ b/glib/gstrfuncsprivate.h
@@ -0,0 +1,55 @@
+/* GLIB - Library of useful routines for C programming
+ * Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <glib.h>
+#include <string.h>
+
+/*
+ * g_memdup2:
+ * @mem: (nullable): the memory to copy.
+ * @byte_size: the number of bytes to copy.
+ *
+ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
+ * from @mem. If @mem is %NULL it returns %NULL.
+ *
+ * This replaces g_memdup(), which was prone to integer overflows when
+ * converting the argument from a #gsize to a #guint.
+ *
+ * This static inline version is a backport of the new public API from
+ * GLib 2.68, kept internal to GLib for backport to older stable releases.
+ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
+ *
+ * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
+ * or %NULL if @mem is %NULL.
+ * Since: 2.68
+ */
+static inline gpointer
+g_memdup2 (gconstpointer mem,
+ gsize byte_size)
+{
+ gpointer new_mem;
+
+ if (mem && byte_size != 0)
+ {
+ new_mem = g_malloc (byte_size);
+ memcpy (new_mem, mem, byte_size);
+ }
+ else
+ new_mem = NULL;
+
+ return new_mem;
+}
diff --git a/glib/meson.build b/glib/meson.build
index aaf5f00f5..5a6eea397 100644
--- a/glib/meson.build
+++ b/glib/meson.build
@@ -268,6 +268,7 @@ glib_sources = files(
'gslist.c',
'gstdio.c',
'gstrfuncs.c',
+ 'gstrfuncsprivate.h',
'gstring.c',
'gstringchunk.c',
'gtestutils.c',
diff --git a/glib/tests/strfuncs.c b/glib/tests/strfuncs.c
index e1f9619c7..d968afff9 100644
--- a/glib/tests/strfuncs.c
+++ b/glib/tests/strfuncs.c
@@ -32,6 +32,8 @@
#include <string.h>
#include "glib.h"
+#include "gstrfuncsprivate.h"
+
#if defined (_MSC_VER) && (_MSC_VER <= 1800)
#define isnan(x) _isnan(x)
@@ -219,6 +221,26 @@ test_memdup (void)
g_free (str_dup);
}
+/* Testing g_memdup2() function with various positive and negative cases */
+static void
+test_memdup2 (void)
+{
+ gchar *str_dup = NULL;
+ const gchar *str = "The quick brown fox jumps over the lazy dog";
+
+ /* Testing negative cases */
+ g_assert_null (g_memdup2 (NULL, 1024));
+ g_assert_null (g_memdup2 (str, 0));
+ g_assert_null (g_memdup2 (NULL, 0));
+
+ /* Testing normal usage cases */
+ str_dup = g_memdup2 (str, strlen (str) + 1);
+ g_assert_nonnull (str_dup);
+ g_assert_cmpstr (str, ==, str_dup);
+
+ g_free (str_dup);
+}
+
/* Testing g_strpcpy() function with various positive and negative cases */
static void
test_stpcpy (void)
@@ -2523,6 +2545,7 @@ main (int argc,
g_test_add_func ("/strfuncs/has-prefix", test_has_prefix);
g_test_add_func ("/strfuncs/has-suffix", test_has_suffix);
g_test_add_func ("/strfuncs/memdup", test_memdup);
+ g_test_add_func ("/strfuncs/memdup2", test_memdup2);
g_test_add_func ("/strfuncs/stpcpy", test_stpcpy);
g_test_add_func ("/strfuncs/str_match_string", test_str_match_string);
g_test_add_func ("/strfuncs/str_tokenize_and_fold", test_str_tokenize_and_fold);
--
2.30.1

View File

@ -1,264 +0,0 @@
Backport of:
From be8834340a2d928ece82025463ae23dee2c333d0 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:37:56 +0000
Subject: [PATCH 02/11] gio: Use g_memdup2() instead of g_memdup() in obvious
places
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Convert all the call sites which use `g_memdup()`s length argument
trivially (for example, by passing a `sizeof()`), so that they use
`g_memdup2()` instead.
In almost all of these cases the use of `g_memdup()` would not have
caused problems, but it will soon be deprecated, so best port away from
it.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gdbusconnection.c | 5 +++--
gio/gdbusinterfaceskeleton.c | 3 ++-
gio/gfile.c | 7 ++++---
gio/gsettingsschema.c | 5 +++--
gio/gwin32registrykey.c | 8 +++++---
gio/tests/async-close-output-stream.c | 6 ++++--
gio/tests/gdbus-export.c | 5 +++--
gio/win32/gwinhttpfile.c | 9 +++++----
8 files changed, 29 insertions(+), 19 deletions(-)
diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c
index f1f0921d4..d56453486 100644
--- a/gio/gdbusconnection.c
+++ b/gio/gdbusconnection.c
@@ -110,6 +110,7 @@
#include "gasyncinitable.h"
#include "giostream.h"
#include "gasyncresult.h"
+#include "gstrfuncsprivate.h"
#include "gtask.h"
#include "gmarshal-internal.h"
@@ -3997,7 +3998,7 @@ _g_dbus_interface_vtable_copy (const GDBusInterfaceVTable *vtable)
/* Don't waste memory by copying padding - remember to update this
* when changing struct _GDBusInterfaceVTable in gdbusconnection.h
*/
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
}
static void
@@ -4014,7 +4015,7 @@ _g_dbus_subtree_vtable_copy (const GDBusSubtreeVTable *vtable)
/* Don't waste memory by copying padding - remember to update this
* when changing struct _GDBusSubtreeVTable in gdbusconnection.h
*/
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
}
static void
diff --git a/gio/gdbusinterfaceskeleton.c b/gio/gdbusinterfaceskeleton.c
index 4a06516c1..4a4b719a5 100644
--- a/gio/gdbusinterfaceskeleton.c
+++ b/gio/gdbusinterfaceskeleton.c
@@ -28,6 +28,7 @@
#include "gdbusmethodinvocation.h"
#include "gdbusconnection.h"
#include "gmarshal-internal.h"
+#include "gstrfuncsprivate.h"
#include "gtask.h"
#include "gioerror.h"
@@ -701,7 +702,7 @@ add_connection_locked (GDBusInterfaceSkeleton *interface_,
* properly before building the hooked_vtable, so we create it
* once at the last minute.
*/
- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
+ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call;
}
diff --git a/gio/gfile.c b/gio/gfile.c
index ba93f7c75..88b341e7d 100644
--- a/gio/gfile.c
+++ b/gio/gfile.c
@@ -60,6 +60,7 @@
#include "gasyncresult.h"
#include "gioerror.h"
#include "glibintl.h"
+#include "gstrfuncsprivate.h"
/**
@@ -7884,7 +7885,7 @@ measure_disk_usage_progress (gboolean reporting,
g_main_context_invoke_full (g_task_get_context (task),
g_task_get_priority (task),
measure_disk_usage_invoke_progress,
- g_memdup (&progress, sizeof progress),
+ g_memdup2 (&progress, sizeof progress),
g_free);
}
@@ -7902,7 +7903,7 @@ measure_disk_usage_thread (GTask *task,
data->progress_callback ? measure_disk_usage_progress : NULL, task,
&result.disk_usage, &result.num_dirs, &result.num_files,
&error))
- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free);
+ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free);
else
g_task_return_error (task, error);
}
@@ -7926,7 +7927,7 @@ g_file_real_measure_disk_usage_async (GFile *file,
task = g_task_new (file, cancellable, callback, user_data);
g_task_set_source_tag (task, g_file_real_measure_disk_usage_async);
- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free);
+ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free);
g_task_set_priority (task, io_priority);
g_task_run_in_thread (task, measure_disk_usage_thread);
diff --git a/gio/gsettingsschema.c b/gio/gsettingsschema.c
index 3a60b8c64..dded9b1ca 100644
--- a/gio/gsettingsschema.c
+++ b/gio/gsettingsschema.c
@@ -20,6 +20,7 @@
#include "gsettingsschema-internal.h"
#include "gsettings.h"
+#include "gstrfuncsprivate.h"
#include "gvdb/gvdb-reader.h"
#include "strinfo.c"
@@ -1058,9 +1059,9 @@ g_settings_schema_list_children (GSettingsSchema *schema)
if (g_str_has_suffix (key, "/"))
{
- gint length = strlen (key);
+ gsize length = strlen (key);
- strv[j] = g_memdup (key, length);
+ strv[j] = g_memdup2 (key, length);
strv[j][length - 1] = '\0';
j++;
}
diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
index c19fede4e..619fd48af 100644
--- a/gio/gwin32registrykey.c
+++ b/gio/gwin32registrykey.c
@@ -28,6 +28,8 @@
#include <ntstatus.h>
#include <winternl.h>
+#include "gstrfuncsprivate.h"
+
#ifndef _WDMDDK_
typedef enum _KEY_INFORMATION_CLASS {
KeyBasicInformation,
@@ -247,7 +249,7 @@ g_win32_registry_value_iter_copy (const GWin32RegistryValueIter *iter)
new_iter->value_name_size = iter->value_name_size;
if (iter->value_data != NULL)
- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size);
+ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size);
new_iter->value_data_size = iter->value_data_size;
@@ -268,8 +270,8 @@ g_win32_registry_value_iter_copy (const GWin32RegistryValueIter *iter)
new_iter->value_data_expanded_charsize = iter->value_data_expanded_charsize;
if (iter->value_data_expanded_u8 != NULL)
- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8,
- iter->value_data_expanded_charsize);
+ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8,
+ iter->value_data_expanded_charsize);
new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize;
diff --git a/gio/tests/async-close-output-stream.c b/gio/tests/async-close-output-stream.c
index 5f6620275..d3f97a119 100644
--- a/gio/tests/async-close-output-stream.c
+++ b/gio/tests/async-close-output-stream.c
@@ -24,6 +24,8 @@
#include <stdlib.h>
#include <string.h>
+#include "gstrfuncsprivate.h"
+
#define DATA_TO_WRITE "Hello world\n"
typedef struct
@@ -147,9 +149,9 @@ prepare_data (SetupData *data,
data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream));
- g_assert_cmpint (data->expected_size, >, 0);
+ g_assert_cmpuint (data->expected_size, >, 0);
- data->expected_output = g_memdup (written, (guint)data->expected_size);
+ data->expected_output = g_memdup2 (written, data->expected_size);
/* then recreate the streams and prepare them for the asynchronous close */
destroy_streams (data);
diff --git a/gio/tests/gdbus-export.c b/gio/tests/gdbus-export.c
index 506c7458a..5513306f8 100644
--- a/gio/tests/gdbus-export.c
+++ b/gio/tests/gdbus-export.c
@@ -23,6 +23,7 @@
#include <string.h>
#include "gdbus-tests.h"
+#include "gstrfuncsprivate.h"
/* all tests rely on a shared mainloop */
static GMainLoop *loop = NULL;
@@ -671,7 +672,7 @@ subtree_introspect (GDBusConnection *connection,
g_assert_not_reached ();
}
- return g_memdup (interfaces, 2 * sizeof (void *));
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
}
static const GDBusInterfaceVTable *
@@ -727,7 +728,7 @@ dynamic_subtree_introspect (GDBusConnection *connection,
{
const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL };
- return g_memdup (interfaces, 2 * sizeof (void *));
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
}
static const GDBusInterfaceVTable *
diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
index cf5eed31d..040ee8564 100644
--- a/gio/win32/gwinhttpfile.c
+++ b/gio/win32/gwinhttpfile.c
@@ -29,6 +29,7 @@
#include "gio/gfile.h"
#include "gio/gfileattribute.h"
#include "gio/gfileinfo.h"
+#include "gstrfuncsprivate.h"
#include "gwinhttpfile.h"
#include "gwinhttpfileinputstream.h"
#include "gwinhttpfileoutputstream.h"
@@ -393,10 +394,10 @@ g_winhttp_file_resolve_relative_path (GFile *file,
child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
child->vfs = winhttp_file->vfs;
child->url = winhttp_file->url;
- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
child->url.lpszUrlPath = wnew_path;
child->url.dwUrlPathLength = wcslen (wnew_path);
child->url.lpszExtraInfo = NULL;
--
2.30.1

View File

@ -1,136 +0,0 @@
From 6110caea45b235420b98cd41d845cc92238f6781 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:39:25 +0000
Subject: [PATCH 03/11] gobject: Use g_memdup2() instead of g_memdup() in
obvious places
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Convert all the call sites which use `g_memdup()`s length argument
trivially (for example, by passing a `sizeof()`), so that they use
`g_memdup2()` instead.
In almost all of these cases the use of `g_memdup()` would not have
caused problems, but it will soon be deprecated, so best port away from
it.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gobject/gsignal.c | 3 ++-
gobject/gtype.c | 9 +++++----
gobject/gtypemodule.c | 3 ++-
gobject/tests/param.c | 4 +++-
4 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/gobject/gsignal.c b/gobject/gsignal.c
index 77d8f211e..41c54ab57 100644
--- a/gobject/gsignal.c
+++ b/gobject/gsignal.c
@@ -28,6 +28,7 @@
#include <signal.h>
#include "gsignal.h"
+#include "gstrfuncsprivate.h"
#include "gtype-private.h"
#include "gbsearcharray.h"
#include "gvaluecollector.h"
@@ -1730,7 +1731,7 @@ g_signal_newv (const gchar *signal_name,
node->single_va_closure_is_valid = FALSE;
node->flags = signal_flags & G_SIGNAL_FLAGS_MASK;
node->n_params = n_params;
- node->param_types = g_memdup (param_types, sizeof (GType) * n_params);
+ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params);
node->return_type = return_type;
node->class_closure_bsa = NULL;
if (accumulator)
diff --git a/gobject/gtype.c b/gobject/gtype.c
index 7d3789400..8441b90e9 100644
--- a/gobject/gtype.c
+++ b/gobject/gtype.c
@@ -33,6 +33,7 @@
#include "glib-private.h"
#include "gconstructor.h"
+#include "gstrfuncsprivate.h"
#ifdef G_OS_WIN32
#include <windows.h>
@@ -1470,7 +1471,7 @@ type_add_interface_Wm (TypeNode *node,
iholder->next = iface_node_get_holders_L (iface);
iface_node_set_holders_W (iface, iholder);
iholder->instance_type = NODE_TYPE (node);
- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL;
+ iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL;
iholder->plugin = plugin;
/* create an iface entry for this type */
@@ -1731,7 +1732,7 @@ type_iface_retrieve_holder_info_Wm (TypeNode *iface,
INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface));
check_interface_info_I (iface, instance_type, &tmp_info);
- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info));
+ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info));
}
return iholder; /* we don't modify write lock upon returning NULL */
@@ -2016,10 +2017,10 @@ type_iface_vtable_base_init_Wm (TypeNode *iface,
IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface);
if (pentry)
- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size);
+ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size);
}
if (!vtable)
- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
+ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
entry->vtable = vtable;
vtable->g_type = NODE_TYPE (iface);
vtable->g_instance_type = NODE_TYPE (node);
diff --git a/gobject/gtypemodule.c b/gobject/gtypemodule.c
index 4ecaf8c88..20911fafd 100644
--- a/gobject/gtypemodule.c
+++ b/gobject/gtypemodule.c
@@ -19,6 +19,7 @@
#include <stdlib.h>
+#include "gstrfuncsprivate.h"
#include "gtypeplugin.h"
#include "gtypemodule.h"
@@ -436,7 +437,7 @@ g_type_module_register_type (GTypeModule *module,
module_type_info->loaded = TRUE;
module_type_info->info = *type_info;
if (type_info->value_table)
- module_type_info->info.value_table = g_memdup (type_info->value_table,
+ module_type_info->info.value_table = g_memdup2 (type_info->value_table,
sizeof (GTypeValueTable));
return module_type_info->type;
diff --git a/gobject/tests/param.c b/gobject/tests/param.c
index 758289bf8..971cff162 100644
--- a/gobject/tests/param.c
+++ b/gobject/tests/param.c
@@ -2,6 +2,8 @@
#include <glib-object.h>
#include <stdlib.h>
+#include "gstrfuncsprivate.h"
+
static void
test_param_value (void)
{
@@ -851,7 +853,7 @@ main (int argc, char *argv[])
test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d",
data.change_this_flag, data.change_this_type,
data.use_this_flag, data.use_this_type);
- test_data = g_memdup (&data, sizeof (TestParamImplementData));
+ test_data = g_memdup2 (&data, sizeof (TestParamImplementData));
g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free);
g_free (test_path);
}
--
2.30.1

View File

@ -1,308 +0,0 @@
Backport of:
From 0736b7c1e7cf4232c5d7eb2b0fbfe9be81bd3baa Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:41:21 +0000
Subject: [PATCH 04/11] glib: Use g_memdup2() instead of g_memdup() in obvious
places
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Convert all the call sites which use `g_memdup()`s length argument
trivially (for example, by passing a `sizeof()` or an existing `gsize`
variable), so that they use `g_memdup2()` instead.
In almost all of these cases the use of `g_memdup()` would not have
caused problems, but it will soon be deprecated, so best port away from
it
In particular, this fixes an overflow within `g_bytes_new()`, identified
as GHSL-2021-045 by GHSL team member Kevin Backhouse.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: GHSL-2021-045
Helps: #2319
---
glib/gbytes.c | 6 ++++--
glib/gdir.c | 3 ++-
glib/ghash.c | 7 ++++---
glib/giochannel.c | 3 ++-
glib/gslice.c | 3 ++-
glib/gtestutils.c | 3 ++-
glib/gvariant.c | 7 ++++---
glib/gvarianttype.c | 3 ++-
glib/tests/array-test.c | 4 +++-
glib/tests/option-context.c | 6 ++++--
10 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/glib/gbytes.c b/glib/gbytes.c
index d56abe6c3..dee494820 100644
--- a/glib/gbytes.c
+++ b/glib/gbytes.c
@@ -34,6 +34,8 @@
#include <string.h>
+#include "gstrfuncsprivate.h"
+
/**
* GBytes:
*
@@ -95,7 +97,7 @@ g_bytes_new (gconstpointer data,
{
g_return_val_if_fail (data != NULL || size == 0, NULL);
- return g_bytes_new_take (g_memdup (data, size), size);
+ return g_bytes_new_take (g_memdup2 (data, size), size);
}
/**
@@ -499,7 +501,7 @@ g_bytes_unref_to_data (GBytes *bytes,
* Copy: Non g_malloc (or compatible) allocator, or static memory,
* so we have to copy, and then unref.
*/
- result = g_memdup (bytes->data, bytes->size);
+ result = g_memdup2 (bytes->data, bytes->size);
*size = bytes->size;
g_bytes_unref (bytes);
}
diff --git a/glib/gdir.c b/glib/gdir.c
index 6b85e99c8..6747a8c6f 100644
--- a/glib/gdir.c
+++ b/glib/gdir.c
@@ -37,6 +37,7 @@
#include "gconvert.h"
#include "gfileutils.h"
#include "gstrfuncs.h"
+#include "gstrfuncsprivate.h"
#include "gtestutils.h"
#include "glibintl.h"
@@ -112,7 +113,7 @@ g_dir_open_with_errno (const gchar *path,
return NULL;
#endif
- return g_memdup (&dir, sizeof dir);
+ return g_memdup2 (&dir, sizeof dir);
}
/**
diff --git a/glib/ghash.c b/glib/ghash.c
index e61b03788..26f26062b 100644
--- a/glib/ghash.c
+++ b/glib/ghash.c
@@ -34,6 +34,7 @@
#include "gmacros.h"
#include "glib-private.h"
#include "gstrfuncs.h"
+#include "gstrfuncsprivate.h"
#include "gatomic.h"
#include "gtestutils.h"
#include "gslice.h"
@@ -964,7 +965,7 @@ g_hash_table_ensure_keyval_fits (GHashTable *hash_table, gpointer key, gpointer
if (hash_table->have_big_keys)
{
if (key != value)
- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size);
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size);
/* Keys and values are both big now, so no need for further checks */
return;
}
@@ -972,7 +973,7 @@ g_hash_table_ensure_keyval_fits (GHashTable *hash_table, gpointer key, gpointer
{
if (key != value)
{
- hash_table->values = g_memdup (hash_table->keys, sizeof (guint) * hash_table->size);
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (guint) * hash_table->size);
is_a_set = FALSE;
}
}
@@ -1000,7 +1001,7 @@ g_hash_table_ensure_keyval_fits (GHashTable *hash_table, gpointer key, gpointer
/* Just split if necessary */
if (is_a_set && key != value)
- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size);
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size);
#endif
}
diff --git a/glib/giochannel.c b/glib/giochannel.c
index 1956e9dc6..15927c391 100644
--- a/glib/giochannel.c
+++ b/glib/giochannel.c
@@ -37,6 +37,7 @@
#include "giochannel.h"
#include "gstrfuncs.h"
+#include "gstrfuncsprivate.h"
#include "gtestutils.h"
#include "glibintl.h"
@@ -892,7 +893,7 @@ g_io_channel_set_line_term (GIOChannel *channel,
length = strlen (line_term);
g_free (channel->line_term);
- channel->line_term = line_term ? g_memdup (line_term, length) : NULL;
+ channel->line_term = line_term ? g_memdup2 (line_term, length) : NULL;
channel->line_term_len = length;
}
diff --git a/glib/gslice.c b/glib/gslice.c
index 4c758c3be..bcdbb8853 100644
--- a/glib/gslice.c
+++ b/glib/gslice.c
@@ -41,6 +41,7 @@
#include "gmain.h"
#include "gmem.h" /* gslice.h */
#include "gstrfuncs.h"
+#include "gstrfuncsprivate.h"
#include "gutils.h"
#include "gtrashstack.h"
#include "gtestutils.h"
@@ -350,7 +351,7 @@ g_slice_get_config_state (GSliceConfig ckey,
array[i++] = allocator->contention_counters[address];
array[i++] = allocator_get_magazine_threshold (allocator, address);
*n_values = i;
- return g_memdup (array, sizeof (array[0]) * *n_values);
+ return g_memdup2 (array, sizeof (array[0]) * *n_values);
default:
return NULL;
}
diff --git a/glib/gtestutils.c b/glib/gtestutils.c
index dd789482f..5887ecc36 100644
--- a/glib/gtestutils.c
+++ b/glib/gtestutils.c
@@ -49,6 +49,7 @@
#include "gpattern.h"
#include "grand.h"
#include "gstrfuncs.h"
+#include "gstrfuncsprivate.h"
#include "gtimer.h"
#include "gslice.h"
#include "gspawn.h"
@@ -3798,7 +3799,7 @@ g_test_log_extract (GTestLogBuffer *tbuffer)
if (p <= tbuffer->data->str + mlength)
{
g_string_erase (tbuffer->data, 0, mlength);
- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg)));
+ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2 (&msg, sizeof (msg)));
return TRUE;
}
diff --git a/glib/gvariant.c b/glib/gvariant.c
index b61bf7278..d6f68a9ea 100644
--- a/glib/gvariant.c
+++ b/glib/gvariant.c
@@ -33,6 +33,7 @@
#include <string.h>
+#include "gstrfuncsprivate.h"
/**
* SECTION:gvariant
@@ -725,7 +726,7 @@ g_variant_new_variant (GVariant *value)
g_variant_ref_sink (value);
return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT,
- g_memdup (&value, sizeof value),
+ g_memdup2 (&value, sizeof value),
1, g_variant_is_trusted (value));
}
@@ -1229,7 +1230,7 @@ g_variant_new_fixed_array (const GVariantType *element_type,
return NULL;
}
- data = g_memdup (elements, n_elements * element_size);
+ data = g_memdup2 (elements, n_elements * element_size);
value = g_variant_new_from_data (array_type, data,
n_elements * element_size,
FALSE, g_free, data);
@@ -1908,7 +1909,7 @@ g_variant_dup_bytestring (GVariant *value,
if (length)
*length = size;
- return g_memdup (original, size + 1);
+ return g_memdup2 (original, size + 1);
}
/**
diff --git a/glib/gvarianttype.c b/glib/gvarianttype.c
index 1a228f73b..07659ff12 100644
--- a/glib/gvarianttype.c
+++ b/glib/gvarianttype.c
@@ -28,6 +28,7 @@
#include <string.h>
+#include "gstrfuncsprivate.h"
/**
* SECTION:gvarianttype
@@ -1181,7 +1182,7 @@ g_variant_type_new_tuple (const GVariantType * const *items,
g_assert (offset < sizeof buffer);
buffer[offset++] = ')';
- return (GVariantType *) g_memdup (buffer, offset);
+ return (GVariantType *) g_memdup2 (buffer, offset);
}
/**
diff --git a/glib/tests/array-test.c b/glib/tests/array-test.c
index 3fcf1136a..11982f822 100644
--- a/glib/tests/array-test.c
+++ b/glib/tests/array-test.c
@@ -29,6 +29,8 @@
#include <string.h>
#include "glib.h"
+#include "gstrfuncsprivate.h"
+
/* Test data to be passed to any function which calls g_array_new(), providing
* the parameters for that call. Most #GArray tests should be repeated for all
* possible values of #ArrayTestData. */
@@ -1642,7 +1644,7 @@ byte_array_new_take (void)
GByteArray *gbarray;
guint8 *data;
- data = g_memdup ("woooweeewow", 11);
+ data = g_memdup2 ("woooweeewow", 11);
gbarray = g_byte_array_new_take (data, 11);
g_assert (gbarray->data == data);
g_assert_cmpuint (gbarray->len, ==, 11);
diff --git a/glib/tests/option-context.c b/glib/tests/option-context.c
index 149d22353..88d2b80d1 100644
--- a/glib/tests/option-context.c
+++ b/glib/tests/option-context.c
@@ -27,6 +27,8 @@
#include <string.h>
#include <locale.h>
+#include "gstrfuncsprivate.h"
+
static GOptionEntry main_entries[] = {
{ "main-switch", 0, 0,
G_OPTION_ARG_NONE, NULL,
@@ -256,7 +258,7 @@ join_stringv (int argc, char **argv)
static char **
copy_stringv (char **argv, int argc)
{
- return g_memdup (argv, sizeof (char *) * (argc + 1));
+ return g_memdup2 (argv, sizeof (char *) * (argc + 1));
}
static void
@@ -2323,7 +2325,7 @@ test_group_parse (void)
g_option_context_add_group (context, group);
argv = split_string ("program --test arg1 -f arg2 --group-test arg3 --frob arg4 -z arg5", &argc);
- orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *));
+ orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *));
retval = g_option_context_parse (context, &argc, &argv, &error);
--
2.30.1

View File

@ -1,47 +0,0 @@
From 0cbad673215ec8a049b7fe2ff44b0beed31b376e Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 16:12:24 +0000
Subject: [PATCH 05/11] gwinhttpfile: Avoid arithmetic overflow when
calculating a size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The members of `URL_COMPONENTS` (`winhttp_file->url`) are `DWORD`s, i.e.
32-bit unsigned integers. Adding to and multiplying them may cause them
to overflow the unsigned integer bounds, even if the result is passed to
`g_memdup2()` which accepts a `gsize`.
Cast the `URL_COMPONENTS` members to `gsize` first to ensure that the
arithmetic is done in terms of `gsize`s rather than unsigned integers.
Spotted by Sebastian Dröge.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/win32/gwinhttpfile.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
index 040ee8564..246ec0578 100644
--- a/gio/win32/gwinhttpfile.c
+++ b/gio/win32/gwinhttpfile.c
@@ -394,10 +394,10 @@ g_winhttp_file_resolve_relative_path (GFile *file,
child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
child->vfs = winhttp_file->vfs;
child->url = winhttp_file->url;
- child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
- child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
- child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
- child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2);
+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) * 2);
+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) * 2);
+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) * 2);
child->url.lpszUrlPath = wnew_path;
child->url.dwUrlPathLength = wcslen (wnew_path);
child->url.lpszExtraInfo = NULL;
--
2.30.1

View File

@ -1,94 +0,0 @@
From f9ee2275cbc312c0b4cdbc338a4fbb76eb36fb9a Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:49:00 +0000
Subject: [PATCH 06/11] gdatainputstream: Handle stop_chars_len internally as
gsize
Previously it was handled as a `gssize`, which meant that if the
`stop_chars` string was longer than `G_MAXSSIZE` there would be an
overflow.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gdatainputstream.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c
index 2e7750cb5..2cdcbda19 100644
--- a/gio/gdatainputstream.c
+++ b/gio/gdatainputstream.c
@@ -27,6 +27,7 @@
#include "gioenumtypes.h"
#include "gioerror.h"
#include "glibintl.h"
+#include "gstrfuncsprivate.h"
#include <string.h>
@@ -856,7 +857,7 @@ static gssize
scan_for_chars (GDataInputStream *stream,
gsize *checked_out,
const char *stop_chars,
- gssize stop_chars_len)
+ gsize stop_chars_len)
{
GBufferedInputStream *bstream;
const char *buffer;
@@ -952,7 +953,7 @@ typedef struct
gsize checked;
gchar *stop_chars;
- gssize stop_chars_len;
+ gsize stop_chars_len;
gsize length;
} GDataInputStreamReadData;
@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async (GDataInputStream *stream,
{
GDataInputStreamReadData *data;
GTask *task;
+ gsize stop_chars_len_unsigned;
data = g_slice_new0 (GDataInputStreamReadData);
- if (stop_chars_len == -1)
- stop_chars_len = strlen (stop_chars);
- data->stop_chars = g_memdup (stop_chars, stop_chars_len);
- data->stop_chars_len = stop_chars_len;
+
+ if (stop_chars_len < 0)
+ stop_chars_len_unsigned = strlen (stop_chars);
+ else
+ stop_chars_len_unsigned = (gsize) stop_chars_len;
+
+ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned);
+ data->stop_chars_len = stop_chars_len_unsigned;
data->last_saw_cr = FALSE;
task = g_task_new (stream, cancellable, callback, user_data);
@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto (GDataInputStream *stream,
gssize found_pos;
gssize res;
char *data_until;
+ gsize stop_chars_len_unsigned;
g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL);
if (stop_chars_len < 0)
- stop_chars_len = strlen (stop_chars);
+ stop_chars_len_unsigned = strlen (stop_chars);
+ else
+ stop_chars_len_unsigned = (gsize) stop_chars_len;
bstream = G_BUFFERED_INPUT_STREAM (stream);
checked = 0;
- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1)
+ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1)
{
if (g_buffered_input_stream_get_available (bstream) ==
g_buffered_input_stream_get_buffer_size (bstream))
--
2.30.1

View File

@ -1,118 +0,0 @@
Backport of:
From 2aaf593a9eb96d84fe3be740aca2810a97d95592 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:50:37 +0000
Subject: [PATCH 07/11] gwin32: Use gsize internally in g_wcsdup()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This allows it to handle strings up to length `G_MAXSIZE` — previously
it would overflow with such strings.
Update the several copies of it identically.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gwin32appinfo.c | 33 ++++++++++++++++++++++++++-------
gio/gwin32registrykey.c | 34 ++++++++++++++++++++++++++--------
2 files changed, 52 insertions(+), 15 deletions(-)
diff --git a/gio/gwin32appinfo.c b/gio/gwin32appinfo.c
index 9f335b370..dd7a96a4a 100644
--- a/gio/gwin32appinfo.c
+++ b/gio/gwin32appinfo.c
@@ -464,15 +464,34 @@ static GWin32RegistryKey *applications_key;
/* Watch this key */
static GWin32RegistryKey *classes_root_key;
+static gsize
+g_utf16_len (const gunichar2 *str)
+{
+ gsize result;
+
+ for (result = 0; str[0] != 0; str++, result++)
+ ;
+
+ return result;
+}
+
static gunichar2 *
-g_wcsdup (const gunichar2 *str, gssize str_size)
+g_wcsdup (const gunichar2 *str, gssize str_len)
{
- if (str_size == -1)
- {
- str_size = wcslen (str) + 1;
- str_size *= sizeof (gunichar2);
- }
- return g_memdup (str, str_size);
+ gsize str_len_unsigned;
+ gsize str_size;
+
+ g_return_val_if_fail (str != NULL, NULL);
+
+ if (str_len < 0)
+ str_len_unsigned = g_utf16_len (str);
+ else
+ str_len_unsigned = (gsize) str_len;
+
+ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1);
+ str_size = (str_len_unsigned + 1) * sizeof (gunichar2);
+
+ return g_memdup2 (str, str_size);
}
#define URL_ASSOCIATIONS L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\"
diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
index 619fd48af..fbd65311a 100644
--- a/gio/gwin32registrykey.c
+++ b/gio/gwin32registrykey.c
@@ -127,16 +127,34 @@ typedef enum
G_WIN32_REGISTRY_UPDATED_PATH = 1,
} GWin32RegistryKeyUpdateFlag;
+static gsize
+g_utf16_len (const gunichar2 *str)
+{
+ gsize result;
+
+ for (result = 0; str[0] != 0; str++, result++)
+ ;
+
+ return result;
+}
+
static gunichar2 *
-g_wcsdup (const gunichar2 *str,
- gssize str_size)
+g_wcsdup (const gunichar2 *str, gssize str_len)
{
- if (str_size == -1)
- {
- str_size = wcslen (str) + 1;
- str_size *= sizeof (gunichar2);
- }
- return g_memdup (str, str_size);
+ gsize str_len_unsigned;
+ gsize str_size;
+
+ g_return_val_if_fail (str != NULL, NULL);
+
+ if (str_len < 0)
+ str_len_unsigned = g_utf16_len (str);
+ else
+ str_len_unsigned = (gsize) str_len;
+
+ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1);
+ str_size = (str_len_unsigned + 1) * sizeof (gunichar2);
+
+ return g_memdup2 (str, str_size);
}
/**
--
2.30.1

View File

@ -1,94 +0,0 @@
From ba8ca443051f93a74c0d03d62e70402036f967a5 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:58:32 +0000
Subject: [PATCH 08/11] gkeyfilesettingsbackend: Handle long keys when
converting paths
Previously, the code in `convert_path()` could not handle keys longer
than `G_MAXINT`, and would overflow if that was exceeded.
Convert the code to use `gsize` and `g_memdup2()` throughout, and
change from identifying the position of the final slash in the string
using a signed offset `i`, to using a pointer to the character (and
`strrchr()`). This allows the slash to be at any position in a
`G_MAXSIZE`-long string, without sacrificing a bit of the offset for
indicating whether a slash was found.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gkeyfilesettingsbackend.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
index cd5765afd..25b057672 100644
--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
@@ -33,6 +33,7 @@
#include "gfilemonitor.h"
#include "gsimplepermission.h"
#include "gsettingsbackendinternal.h"
+#include "gstrfuncsprivate.h"
#include "giomodule-priv.h"
#include "gportalsupport.h"
@@ -145,8 +146,8 @@ convert_path (GKeyfileSettingsBackend *kfsb,
gchar **group,
gchar **basename)
{
- gint key_len = strlen (key);
- gint i;
+ gsize key_len = strlen (key);
+ const gchar *last_slash;
if (key_len < kfsb->prefix_len ||
memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0)
@@ -155,38 +156,36 @@ convert_path (GKeyfileSettingsBackend *kfsb,
key_len -= kfsb->prefix_len;
key += kfsb->prefix_len;
- for (i = key_len; i >= 0; i--)
- if (key[i] == '/')
- break;
+ last_slash = strrchr (key, '/');
if (kfsb->root_group)
{
/* if a root_group was specified, make sure the user hasn't given
* a path that ghosts that group name
*/
- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0)
+ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0)
return FALSE;
}
else
{
/* if no root_group was given, ensure that the user gave a path */
- if (i == -1)
+ if (last_slash == NULL)
return FALSE;
}
if (group)
{
- if (i >= 0)
+ if (last_slash != NULL)
{
- *group = g_memdup (key, i + 1);
- (*group)[i] = '\0';
+ *group = g_memdup2 (key, (last_slash - key) + 1);
+ (*group)[(last_slash - key)] = '\0';
}
else
*group = g_strdup (kfsb->root_group);
}
if (basename)
- *basename = g_memdup (key + i + 1, key_len - i);
+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
return TRUE;
}
--
2.30.1

View File

@ -1,98 +0,0 @@
From 65ec7f4d6e8832c481f6e00e2eb007b9a60024ce Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 14:00:53 +0000
Subject: [PATCH 09/11] gsocket: Use gsize to track native sockaddr's size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Dont use an `int`, thats potentially too small. In practical terms,
this is not a problem, since no socket address is going to be that big.
By making these changes we can use `g_memdup2()` without warnings,
though. Fewer warnings is good.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gsocket.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/gio/gsocket.c b/gio/gsocket.c
index 66073af83..a3af149e8 100644
--- a/gio/gsocket.c
+++ b/gio/gsocket.c
@@ -75,6 +75,7 @@
#include "gcredentialsprivate.h"
#include "glibintl.h"
#include "gioprivate.h"
+#include "gstrfuncsprivate.h"
#ifdef G_OS_WIN32
/* For Windows XP runtime compatibility, but use the system's if_nametoindex() if available */
@@ -174,7 +175,7 @@ static gboolean g_socket_datagram_based_condition_wait (GDatagramBased
GError **error);
static GSocketAddress *
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len);
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len);
static gssize
g_socket_receive_message_with_timeout (GSocket *socket,
@@ -260,7 +261,7 @@ struct _GSocketPrivate
struct {
GSocketAddress *addr;
struct sockaddr *native;
- gint native_len;
+ gsize native_len;
guint64 last_used;
} recv_addr_cache[RECV_ADDR_CACHE_SIZE];
};
@@ -5211,14 +5212,14 @@ g_socket_send_messages_with_timeout (GSocket *socket,
}
static GSocketAddress *
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len)
{
GSocketAddress *saddr;
gint i;
guint64 oldest_time = G_MAXUINT64;
gint oldest_index = 0;
- if (native_len <= 0)
+ if (native_len == 0)
return NULL;
saddr = NULL;
@@ -5226,7 +5227,7 @@ cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
{
GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
+ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
if (!tmp)
continue;
@@ -5256,7 +5257,7 @@ cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
g_free (socket->priv->recv_addr_cache[oldest_index].native);
}
- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len);
+ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len);
socket->priv->recv_addr_cache[oldest_index].native_len = native_len;
socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr);
socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time ();
@@ -5404,6 +5405,9 @@ g_socket_receive_message_with_timeout (GSocket *socket,
/* do it */
while (1)
{
+ /* addrlen has to be of type int because thats how WSARecvFrom() is defined */
+ G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
+
addrlen = sizeof addr;
if (address)
result = WSARecvFrom (socket->priv->fd,
--
2.30.1

View File

@ -1,52 +0,0 @@
From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 14:07:39 +0000
Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The public API `g_tls_password_set_value_full()` (and the vfunc it
invokes) can only accept a `gssize` length. Ensure that nul-terminated
strings passed to `g_tls_password_set_value()` cant exceed that length.
Use `g_memdup2()` to avoid an overflow if theyre longer than
`G_MAXUINT` similarly.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gtlspassword.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
index 1e437a7b6..dbcec41a8 100644
--- a/gio/gtlspassword.c
+++ b/gio/gtlspassword.c
@@ -23,6 +23,7 @@
#include "glibintl.h"
#include "gioenumtypes.h"
+#include "gstrfuncsprivate.h"
#include "gtlspassword.h"
#include <string.h>
@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword *password,
g_return_if_fail (G_IS_TLS_PASSWORD (password));
if (length < 0)
- length = strlen ((gchar *)value);
+ {
+ /* FIXME: g_tls_password_set_value_full() doesnt support unsigned gsize */
+ gsize length_unsigned = strlen ((gchar *) value);
+ g_return_if_fail (length_unsigned > G_MAXSSIZE);
+ length = (gssize) length_unsigned;
+ }
- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
+ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
}
/**
--
2.30.1

View File

@ -1,57 +0,0 @@
From ecdf91400e9a538695a0895b95ad7e8abcdf1749 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 14:09:40 +0000
Subject: [PATCH 11/11] giochannel: Forbid very long line terminator strings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The public API `GIOChannel.line_term_len` is only a `guint`. Ensure that
nul-terminated strings passed to `g_io_channel_set_line_term()` cant
exceed that length. Use `g_memdup2()` to avoid a warning (`g_memdup()`
is due to be deprecated), but not to avoid a bug, since its also
limited to `G_MAXUINT`.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
glib/giochannel.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/glib/giochannel.c b/glib/giochannel.c
index 15927c391..66c6591f0 100644
--- a/glib/giochannel.c
+++ b/glib/giochannel.c
@@ -884,16 +884,25 @@ g_io_channel_set_line_term (GIOChannel *channel,
const gchar *line_term,
gint length)
{
+ guint length_unsigned;
+
g_return_if_fail (channel != NULL);
g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */
if (line_term == NULL)
- length = 0;
- else if (length < 0)
- length = strlen (line_term);
+ length_unsigned = 0;
+ else if (length >= 0)
+ length_unsigned = (guint) length;
+ else
+ {
+ /* FIXME: Were constrained by line_term_len being a guint here */
+ gsize length_size = strlen (line_term);
+ g_return_if_fail (length_size > G_MAXUINT);
+ length_unsigned = (guint) length_size;
+ }
g_free (channel->line_term);
- channel->line_term = line_term ? g_memdup2 (line_term, length) : NULL;
+ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL;
channel->line_term_len = length;
}
--
2.30.1

View File

@ -1,30 +0,0 @@
From f8273b9aded135fe07094faebd527e43851aaf6e Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Sun, 7 Feb 2021 23:32:40 +0100
Subject: [PATCH 1/5] giochannel: Fix length_size bounds check
The inverted condition is an obvious error introduced by ecdf91400e9a.
Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2323
(cherry picked from commit a149bf2f9030168051942124536e303af8ba6176)
---
glib/giochannel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/glib/giochannel.c b/glib/giochannel.c
index 66c6591f0..0d9d5f223 100644
--- a/glib/giochannel.c
+++ b/glib/giochannel.c
@@ -897,7 +897,7 @@ g_io_channel_set_line_term (GIOChannel *channel,
{
/* FIXME: Were constrained by line_term_len being a guint here */
gsize length_size = strlen (line_term);
- g_return_if_fail (length_size > G_MAXUINT);
+ g_return_if_fail (length_size <= G_MAXUINT);
length_unsigned = (guint) length_size;
}
--
2.30.1

View File

@ -1,32 +0,0 @@
From e069c50467712e6d607822afd6b6c15c2c343dff Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 8 Feb 2021 10:34:50 +0000
Subject: [PATCH 2/5] giochannel: Don't store negative line_term_len in
GIOChannel struct
Adding test coverage indicated that this was another bug in 0cc11f74.
Fixes: 0cc11f74 "giochannel: Forbid very long line terminator strings"
Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2323
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 5dc8b0014c03e7491d93b90275ab442e888a9628)
---
glib/giochannel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/glib/giochannel.c b/glib/giochannel.c
index 0d9d5f223..4c39b9dc0 100644
--- a/glib/giochannel.c
+++ b/glib/giochannel.c
@@ -903,7 +903,7 @@ g_io_channel_set_line_term (GIOChannel *channel,
g_free (channel->line_term);
channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL;
- channel->line_term_len = length;
+ channel->line_term_len = length_unsigned;
}
/**
--
2.30.1

View File

@ -1,32 +0,0 @@
From 4506d1859a863087598c8d122740bae25b65b099 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 8 Feb 2021 10:04:48 +0000
Subject: [PATCH 4/5] gtlspassword: Fix inverted assertion
The intention here was to assert that the length of the password fits
in a gssize. Passwords more than half the size of virtual memory are
probably excessive.
Fixes: a8b204ff "gtlspassword: Forbid very long TLS passwords"
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 61bb52ec42de1082bfb06ce1c737fc295bfe60b8)
---
gio/gtlspassword.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
index dbcec41a8..bd86a6dfe 100644
--- a/gio/gtlspassword.c
+++ b/gio/gtlspassword.c
@@ -291,7 +291,7 @@ g_tls_password_set_value (GTlsPassword *password,
{
/* FIXME: g_tls_password_set_value_full() doesnt support unsigned gsize */
gsize length_unsigned = strlen ((gchar *) value);
- g_return_if_fail (length_unsigned > G_MAXSSIZE);
+ g_return_if_fail (length_unsigned <= G_MAXSSIZE);
length = (gssize) length_unsigned;
}
--
2.30.1

View File

@ -1,95 +0,0 @@
From 3d1550354c3c6a8491c39881752d51cb7515f2c2 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 8 Feb 2021 10:22:39 +0000
Subject: [PATCH 5/5] tls-interaction: Add test coverage for various ways to
set the password
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit df4501316ca3903072400504a5ea76498db19538)
---
gio/tests/tls-interaction.c | 55 +++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c
index 4f0737d7e..5661e8e0d 100644
--- a/gio/tests/tls-interaction.c
+++ b/gio/tests/tls-interaction.c
@@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction *interaction,
}
+/* Return a copy of @str that is allocated in a silly way, to exercise
+ * custom free-functions. The returned pointer points to a copy of @str
+ * in a buffer of the form "BEFORE \0 str \0 AFTER". */
+static guchar *
+special_dup (const char *str)
+{
+ GString *buf = g_string_new ("BEFORE");
+ guchar *ret;
+
+ g_string_append_c (buf, '\0');
+ g_string_append (buf, str);
+ g_string_append_c (buf, '\0');
+ g_string_append (buf, "AFTER");
+ ret = (guchar *) g_string_free (buf, FALSE);
+ return ret + strlen ("BEFORE") + 1;
+}
+
+
+/* Free a copy of @str that was made with special_dup(), after asserting
+ * that it has not been corrupted. */
+static void
+special_free (gpointer p)
+{
+ gchar *s = p;
+ gchar *buf = s - strlen ("BEFORE") - 1;
+
+ g_assert_cmpstr (buf, ==, "BEFORE");
+ g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER");
+ g_free (buf);
+}
+
+
static GTlsInteractionResult
test_interaction_ask_password_sync_success (GTlsInteraction *interaction,
GTlsPassword *password,
@@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction,
GError **error)
{
TestInteraction *self;
+ const guchar *value;
+ gsize len;
g_assert (TEST_IS_INTERACTION (interaction));
self = TEST_INTERACTION (interaction);
@@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction,
g_assert (error != NULL);
g_assert (*error == NULL);
+ /* Exercise different ways to set the value */
+ g_tls_password_set_value (password, (const guchar *) "foo", 4);
+ len = 0;
+ value = g_tls_password_get_value (password, &len);
+ g_assert_cmpmem (value, len, "foo", 4);
+
+ g_tls_password_set_value (password, (const guchar *) "bar", -1);
+ len = 0;
+ value = g_tls_password_get_value (password, &len);
+ g_assert_cmpmem (value, len, "bar", 3);
+
+ g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free);
+ len = 0;
+ value = g_tls_password_get_value (password, &len);
+ g_assert_cmpmem (value, len, "baa", 4);
+
+ g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free);
+ len = 0;
+ value = g_tls_password_get_value (password, &len);
+ g_assert_cmpmem (value, len, "baz", 3);
+
/* Don't do this in real life. Include a null terminator for testing */
g_tls_password_set_value (password, (const guchar *)"the password", 13);
return G_TLS_INTERACTION_HANDLED;
--
2.30.1

View File

@ -1,43 +0,0 @@
From cb9ee701ef46c1819eed4e2a4dc181682bdfc176 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 10 Feb 2021 21:16:39 +0000
Subject: [PATCH 1/3] gkeyfilesettingsbackend: Fix basename handling when group
is unset
Fix an effective regression in commit
7781a9cbd2fd0aa84bee0f4eee88470640ff6706, which happens when
`convert_path()` is called with a `key` which contains no slashes. In
that case, the `key` is entirely the `basename`.
Prior to commit 7781a9cb, the code worked through a fluke of `i == -1`
cancelling out with the various additions in the `g_memdup()` call, and
effectively resulting in `g_strdup (key)`.
Spotted by Guido Berhoerster.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
---
gio/gkeyfilesettingsbackend.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
index 25b057672..861c3a661 100644
--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
@@ -185,7 +185,12 @@ convert_path (GKeyfileSettingsBackend *kfsb,
}
if (basename)
- *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
+ {
+ if (last_slash != NULL)
+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
+ else
+ *basename = g_strdup (key);
+ }
return TRUE;
}
--
2.30.1

View File

@ -1,37 +0,0 @@
From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 10 Feb 2021 21:19:30 +0000
Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group
names
These should never have been allowed; they will result in precondition
failures from the `GKeyFile` later on in the code.
A test will be added for this shortly.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
---
gio/gkeyfilesettingsbackend.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
index 861c3a661..de216e615 100644
--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb,
last_slash = strrchr (key, '/');
+ /* Disallow empty group names or key names */
+ if (key_len == 0 ||
+ (last_slash != NULL &&
+ (*(last_slash + 1) == '\0' ||
+ last_slash == key)))
+ return FALSE;
+
if (kfsb->root_group)
{
/* if a root_group was specified, make sure the user hasn't given
--
2.30.1

View File

@ -1,232 +0,0 @@
Backport of:
From 221c26685354dea2b2732df94404e8e5e77a1591 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 10 Feb 2021 21:21:36 +0000
Subject: [PATCH 3/3] tests: Add tests for key name handling in the keyfile
backend
This tests the two recent commits.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
---
gio/tests/gsettings.c | 171 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 170 insertions(+), 1 deletion(-)
diff --git a/gio/tests/gsettings.c b/gio/tests/gsettings.c
index baadca8f5..afe594a23 100644
--- a/gio/tests/gsettings.c
+++ b/gio/tests/gsettings.c
@@ -1,3 +1,4 @@
+#include <errno.h>
#include <stdlib.h>
#include <locale.h>
#include <libintl.h>
@@ -1740,6 +1741,14 @@ key_changed_cb (GSettings *settings, const gchar *key, gpointer data)
(*b) = TRUE;
}
+typedef struct
+{
+ const gchar *path;
+ const gchar *root_group;
+ const gchar *keyfile_group;
+ const gchar *root_path;
+} KeyfileTestData;
+
/*
* Test that using a keyfile works
*/
@@ -1834,7 +1843,11 @@ test_keyfile (Fixture *fixture,
g_free (str);
g_settings_set (settings, "farewell", "s", "cheerio");
-
+
+ /* Check that empty keys/groups are not allowed. */
+ g_assert_false (g_settings_is_writable (settings, ""));
+ g_assert_false (g_settings_is_writable (settings, "/"));
+
/* When executing as root, changing the mode of the keyfile will have
* no effect on the writability of the settings.
*/
@@ -1866,6 +1879,149 @@ test_keyfile (Fixture *fixture,
g_free (keyfile_path);
}
+/*
+ * Test that using a keyfile works with a schema with no path set.
+ */
+static void
+test_keyfile_no_path (Fixture *fixture,
+ gconstpointer user_data)
+{
+ const KeyfileTestData *test_data = user_data;
+ GSettingsBackend *kf_backend;
+ GSettings *settings;
+ GKeyFile *keyfile;
+ gboolean writable;
+ gchar *key = NULL;
+ GError *error = NULL;
+ gchar *keyfile_path = NULL, *store_path = NULL;
+
+ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
+ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
+ kf_backend = g_keyfile_settings_backend_new (store_path, test_data->root_path, test_data->root_group);
+ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, test_data->path);
+ g_object_unref (kf_backend);
+
+ g_settings_reset (settings, "test-boolean");
+ g_assert_true (g_settings_get_boolean (settings, "test-boolean"));
+
+ writable = g_settings_is_writable (settings, "test-boolean");
+ g_assert_true (writable);
+ g_settings_set (settings, "test-boolean", "b", FALSE);
+
+ g_assert_false (g_settings_get_boolean (settings, "test-boolean"));
+
+ g_settings_delay (settings);
+ g_settings_set (settings, "test-boolean", "b", TRUE);
+ g_settings_apply (settings);
+
+ keyfile = g_key_file_new ();
+ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL));
+
+ g_assert_true (g_key_file_get_boolean (keyfile, test_data->keyfile_group, "test-boolean", NULL));
+
+ g_key_file_free (keyfile);
+
+ g_settings_reset (settings, "test-boolean");
+ g_settings_apply (settings);
+ keyfile = g_key_file_new ();
+ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL));
+
+ g_assert_false (g_key_file_get_string (keyfile, test_data->keyfile_group, "test-boolean", &error));
+ g_assert_error (error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND);
+ g_clear_error (&error);
+
+ /* Check that empty keys/groups are not allowed. */
+ g_assert_false (g_settings_is_writable (settings, ""));
+ g_assert_false (g_settings_is_writable (settings, "/"));
+
+ /* Keys which ghost the root group name are not allowed. This can only be
+ * tested when the path is `/` as otherwise it acts as a prefix and prevents
+ * any ghosting. */
+ if (g_str_equal (test_data->path, "/"))
+ {
+ key = g_strdup_printf ("%s/%s", test_data->root_group, "");
+ g_assert_false (g_settings_is_writable (settings, key));
+ g_free (key);
+
+ key = g_strdup_printf ("%s/%s", test_data->root_group, "/");
+ g_assert_false (g_settings_is_writable (settings, key));
+ g_free (key);
+
+ key = g_strdup_printf ("%s/%s", test_data->root_group, "test-boolean");
+ g_assert_false (g_settings_is_writable (settings, key));
+ g_free (key);
+ }
+
+ g_key_file_free (keyfile);
+ g_object_unref (settings);
+
+ /* Clean up the temporary directory. */
+ g_assert_cmpint (g_chmod (keyfile_path, 0777) == 0 ? 0 : errno, ==, 0);
+ g_assert_cmpint (g_remove (store_path) == 0 ? 0 : errno, ==, 0);
+ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
+ g_free (store_path);
+ g_free (keyfile_path);
+}
+
+/*
+ * Test that a keyfile rejects writes to keys outside its root path.
+ */
+static void
+test_keyfile_outside_root_path (Fixture *fixture,
+ gconstpointer user_data)
+{
+ GSettingsBackend *kf_backend;
+ GSettings *settings;
+ gchar *keyfile_path = NULL, *store_path = NULL;
+
+ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
+ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
+ kf_backend = g_keyfile_settings_backend_new (store_path, "/tests/basic-types/", "root");
+ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/tests/");
+ g_object_unref (kf_backend);
+
+ g_assert_false (g_settings_is_writable (settings, "test-boolean"));
+
+ g_object_unref (settings);
+
+ /* Clean up the temporary directory. The keyfile probably doesnt exist, so
+ * dont error on failure. */
+ g_remove (store_path);
+ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
+ g_free (store_path);
+ g_free (keyfile_path);
+}
+
+/*
+ * Test that a keyfile rejects writes to keys in the root if no root group is set.
+ */
+static void
+test_keyfile_no_root_group (Fixture *fixture,
+ gconstpointer user_data)
+{
+ GSettingsBackend *kf_backend;
+ GSettings *settings;
+ gchar *keyfile_path = NULL, *store_path = NULL;
+
+ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
+ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
+ kf_backend = g_keyfile_settings_backend_new (store_path, "/", NULL);
+ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/");
+ g_object_unref (kf_backend);
+
+ g_assert_false (g_settings_is_writable (settings, "test-boolean"));
+ g_assert_true (g_settings_is_writable (settings, "child/test-boolean"));
+
+ g_object_unref (settings);
+
+ /* Clean up the temporary directory. The keyfile probably doesnt exist, so
+ * dont error on failure. */
+ g_remove (store_path);
+ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
+ g_free (store_path);
+ g_free (keyfile_path);
+}
+
/* Test that getting child schemas works
*/
static void
@@ -2844,6 +3000,14 @@ main (int argc, char *argv[])
gchar *override_text;
gchar *enums;
gint result;
+ const KeyfileTestData keyfile_test_data_explicit_path = { "/tests/", "root", "tests", "/" };
+ const KeyfileTestData keyfile_test_data_empty_path = { "/", "root", "root", "/" };
+ const KeyfileTestData keyfile_test_data_long_path = {
+ "/tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch/",
+ "root",
+ "tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch",
+ "/"
+ };
/* Meson build sets this */
#ifdef TEST_LOCALE_PATH
@@ -2967,6 +3131,11 @@ main (int argc, char *argv[])
}
g_test_add ("/gsettings/keyfile", Fixture, NULL, setup, test_keyfile, teardown);
+ g_test_add ("/gsettings/keyfile/explicit-path", Fixture, &keyfile_test_data_explicit_path, setup, test_keyfile_no_path, teardown);
+ g_test_add ("/gsettings/keyfile/empty-path", Fixture, &keyfile_test_data_empty_path, setup, test_keyfile_no_path, teardown);
+ g_test_add ("/gsettings/keyfile/long-path", Fixture, &keyfile_test_data_long_path, setup, test_keyfile_no_path, teardown);
+ g_test_add ("/gsettings/keyfile/outside-root-path", Fixture, NULL, setup, test_keyfile_outside_root_path, teardown);
+ g_test_add ("/gsettings/keyfile/no-root-group", Fixture, NULL, setup, test_keyfile_no_root_group, teardown);
g_test_add_func ("/gsettings/child-schema", test_child_schema);
g_test_add_func ("/gsettings/strinfo", test_strinfo);
g_test_add_func ("/gsettings/enums", test_enums);
--
2.30.1

View File

@ -1,283 +0,0 @@
Backport of:
From 317b3b587058a05dca95d56dac26568c5b098d33 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:35:40 +0000
Subject: [PATCH] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION
with symlinks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking
the destination file and re-creating it from scratch. That did
previously work, but in the process the code would call `open(O_CREAT)`
on the file. If the file was a dangling symlink, this would create the
destination file (empty). Thats not an intended side-effect, and has
security implications if the symlink is controlled by a lower-privileged
process.
Fix that by not opening the destination file if its a symlink, and
adjusting the rest of the code to cope with
- the fact that `fd == -1` is not an error iff `is_symlink` is true,
- and that `original_stat` will contain the `lstat()` results for the
symlink now, rather than the `stat()` results for its target (again,
iff `is_symlink` is true).
This means that the target of the dangling symlink is no longer created,
which was the bug. The symlink itself continues to be replaced (as
before) with the new file — this is the intended behaviour of
`g_file_replace()`.
The behaviour for non-symlink cases, or cases where the symlink was not
dangling, should be unchanged.
Includes a unit test.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: #2325
---
gio/glocalfileoutputstream.c | 70 ++++++++++++++++-------
gio/tests/file.c | 108 +++++++++++++++++++++++++++++++++++
2 files changed, 158 insertions(+), 20 deletions(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index a3dd62172..553fcbbae 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -874,16 +874,22 @@ handle_overwrite_open (const char *filename,
/* Could be a symlink, or it could be a regular ELOOP error,
* but then the next open will fail too. */
is_symlink = TRUE;
- fd = g_open (filename, open_flags, mode);
+ if (!(flags & G_FILE_CREATE_REPLACE_DESTINATION))
+ fd = g_open (filename, open_flags, mode);
}
-#else
- fd = g_open (filename, open_flags, mode);
- errsv = errno;
+#else /* if !O_NOFOLLOW */
/* This is racy, but we do it as soon as possible to minimize the race */
is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK);
+
+ if (!is_symlink || !(flags & G_FILE_CREATE_REPLACE_DESTINATION))
+ {
+ fd = g_open (filename, open_flags, mode);
+ errsv = errno;
+ }
#endif
- if (fd == -1)
+ if (fd == -1 &&
+ (!is_symlink || !(flags & G_FILE_CREATE_REPLACE_DESTINATION)))
{
char *display_name = g_filename_display_name (filename);
g_set_error (error, G_IO_ERROR,
@@ -893,13 +899,25 @@ handle_overwrite_open (const char *filename,
g_free (display_name);
return -1;
}
-
+
+ if (!is_symlink)
+ {
#ifdef G_OS_WIN32
- res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat);
+ res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat);
#else
- res = fstat (fd, &original_stat);
+ res = fstat (fd, &original_stat);
#endif
- errsv = errno;
+ errsv = errno;
+ }
+ else
+ {
+#ifdef G_OS_WIN32
+ res = GLIB_PRIVATE_CALL (g_win32_lstat_utf8) (filename, &original_stat);
+#else
+ res = g_lstat (filename, &original_stat);
+#endif
+ errsv = errno;
+ }
if (res != 0)
{
@@ -916,16 +934,27 @@ handle_overwrite_open (const char *filename,
if (!S_ISREG (original_stat.st_mode))
{
if (S_ISDIR (original_stat.st_mode))
- g_set_error_literal (error,
- G_IO_ERROR,
- G_IO_ERROR_IS_DIRECTORY,
- _("Target file is a directory"));
- else
- g_set_error_literal (error,
- G_IO_ERROR,
- G_IO_ERROR_NOT_REGULAR_FILE,
- _("Target file is not a regular file"));
- goto err_out;
+ {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_IS_DIRECTORY,
+ _("Target file is a directory"));
+ goto err_out;
+ }
+ else if (!is_symlink ||
+#ifdef S_ISLNK
+ !S_ISLNK (original_stat.st_mode)
+#else
+ FALSE
+#endif
+ )
+ {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_NOT_REGULAR_FILE,
+ _("Target file is not a regular file"));
+ goto err_out;
+ }
}
if (etag != NULL)
@@ -1006,7 +1035,8 @@ handle_overwrite_open (const char *filename,
}
}
- g_close (fd, NULL);
+ if (fd >= 0)
+ g_close (fd, NULL);
*temp_filename = tmp_filename;
return tmpfd;
}
diff --git a/gio/tests/file.c b/gio/tests/file.c
index efb2eaadd..bc55f3af4 100644
--- a/gio/tests/file.c
+++ b/gio/tests/file.c
@@ -804,6 +804,113 @@ test_replace_cancel (void)
g_object_unref (tmpdir);
}
+static void
+test_replace_symlink (void)
+{
+#ifdef G_OS_UNIX
+ gchar *tmpdir_path = NULL;
+ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL;
+ GFileOutputStream *stream = NULL;
+ const gchar *new_contents = "this is a test message which should be written to source and not target";
+ gsize n_written;
+ GFileEnumerator *enumerator = NULL;
+ GFileInfo *info = NULL;
+ gchar *contents = NULL;
+ gsize length = 0;
+ GError *local_error = NULL;
+
+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325");
+ g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION doesnt follow symlinks");
+
+ /* Create a fresh, empty working directory. */
+ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error);
+ g_assert_no_error (local_error);
+ tmpdir = g_file_new_for_path (tmpdir_path);
+
+ g_test_message ("Using temporary directory %s", tmpdir_path);
+ g_free (tmpdir_path);
+
+ /* Create symlink `source` which points to `target`. */
+ source_file = g_file_get_child (tmpdir, "source");
+ target_file = g_file_get_child (tmpdir, "target");
+ g_file_make_symbolic_link (source_file, "target", NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ /* Ensure that `target` doesnt exist */
+ g_assert_false (g_file_query_exists (target_file, NULL));
+
+ /* Replace the `source` symlink with a regular file using
+ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without*
+ * following the symlink */
+ stream = g_file_replace (source_file, NULL, FALSE /* no backup */,
+ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents),
+ &n_written, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpint (n_written, ==, strlen (new_contents));
+
+ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_clear_object (&stream);
+
+ /* At this point, there should still only be one file: `source`. It should
+ * now be a regular file. `target` should not exist. */
+ enumerator = g_file_enumerate_children (tmpdir,
+ G_FILE_ATTRIBUTE_STANDARD_NAME ","
+ G_FILE_ATTRIBUTE_STANDARD_TYPE,
+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_nonnull (info);
+
+ g_assert_cmpstr (g_file_info_get_name (info), ==, "source");
+ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR);
+
+ g_clear_object (&info);
+
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_null (info);
+
+ g_file_enumerator_close (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_clear_object (&enumerator);
+
+ /* Double-check that `target` doesnt exist */
+ g_assert_false (g_file_query_exists (target_file, NULL));
+
+ /* Check the content of `source`. */
+ g_file_load_contents (source_file,
+ NULL,
+ &contents,
+ &length,
+ NULL,
+ &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpstr (contents, ==, new_contents);
+ g_assert_cmpuint (length, ==, strlen (new_contents));
+ g_free (contents);
+
+ /* Tidy up. */
+ g_file_delete (source_file, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_file_delete (tmpdir, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_clear_object (&target_file);
+ g_clear_object (&source_file);
+ g_clear_object (&tmpdir);
+#else /* if !G_OS_UNIX */
+ g_test_skip ("Symlink replacement tests can only be run on Unix")
+#endif
+}
+
static void
on_file_deleted (GObject *object,
GAsyncResult *result,
@@ -1754,6 +1861,7 @@ main (int argc, char *argv[])
g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete);
g_test_add_func ("/file/replace-load", test_replace_load);
g_test_add_func ("/file/replace-cancel", test_replace_cancel);
+ g_test_add_func ("/file/replace-symlink", test_replace_symlink);
g_test_add_func ("/file/async-delete", test_async_delete);
#ifdef G_OS_UNIX
g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode);
--
2.30.1