me
/
guix
Archived
1
0
Fork 0
This repository has been archived on 2024-08-07. You can view files and clone it, but cannot push or open issues/pull-requests.
guix/gnu/packages/patches/glib-CVE-2021-27219-17.patch

38 lines
1.1 KiB
Diff

From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 10 Feb 2021 21:19:30 +0000
Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group
names
These should never have been allowed; they will result in precondition
failures from the `GKeyFile` later on in the code.
A test will be added for this shortly.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
---
gio/gkeyfilesettingsbackend.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
index 861c3a661..de216e615 100644
--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb,
last_slash = strrchr (key, '/');
+ /* Disallow empty group names or key names */
+ if (key_len == 0 ||
+ (last_slash != NULL &&
+ (*(last_slash + 1) == '\0' ||
+ last_slash == key)))
+ return FALSE;
+
if (kfsb->root_group)
{
/* if a root_group was specified, make sure the user hasn't given
--
2.30.1