[AUTO-CHERRYPICK] glib: Fix for CVE-2024-52533 - branch main (#11076)
Co-authored-by: sharath-srikanth-chellappa <[email protected]>
1 parent
18f3538
commit 1eabecd
Showing 6 changed files with 61 additions and 13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001 | ||
From: Michael Catanzaro <[email protected]> | ||
Date: Thu, 19 Sep 2024 18:35:53 +0100 | ||
Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect | ||
messages | ||
|
||
`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul | ||
byte in the connect message, which is an addition in SOCKSv4a vs | ||
SOCKSv4. | ||
|
||
This means that the buffer for building and transmitting the connect | ||
message could be overflowed if the username and hostname are both | ||
`SOCKS4_MAX_LEN` (255) bytes long. | ||
|
||
Proxy configurations are normally statically configured, so the username | ||
is very unlikely to be near its maximum length, and hence this overflow | ||
is unlikely to be triggered in practice. | ||
|
||
(Commit message by Philip Withnall, diagnosis and fix by Michael | ||
Catanzaro.) | ||
|
||
Fixes: #3461 | ||
--- | ||
gio/gsocks4aproxy.c | 4 ++-- | ||
1 file changed, 2 insertions(+), 2 deletions(-) | ||
|
||
diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c | ||
index 3dad118eb7..b3146d08fd 100644 | ||
--- a/gio/gsocks4aproxy.c | ||
+++ b/gio/gsocks4aproxy.c | ||
@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy) | ||
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+ | ||
* | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL | | ||
* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+ | ||
- * 1 1 2 4 variable 1 variable | ||
+ * 1 1 2 4 variable 1 variable 1 | ||
*/ | ||
-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2) | ||
+#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2) | ||
static gint | ||
set_connect_msg (guint8 *msg, | ||
const gchar *hostname, | ||
-- | ||
GitLab |
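Review bot: The `10` in the new `SOCKS4_CONN_MSG_LEN` definition in gio/gsocks4aproxy.c is still a hand-summed literal, which is how the trailing nul was missed when it read `9`. Writing the fixed part as the sum of the field widths from the layout comment (1 + 1 + 2 + 4 for VN, CD, DSTPORT and DSTIP, plus 1 for each of the two nul terminators) would keep the macro and the comment in step. The new size is only sufficient if both the username and the hostname are capped at `SOCKS4_MAX_LEN` before they are copied; the body of `set_connect_msg` is outside the visible context, so confirm that both length checks are present in the 2.71.0 source this patch is applied to.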
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,13 +2,14 @@ | |
Summary: Low-level libraries useful for providing data structure handling for C. | ||
Name: glib | ||
Version: 2.71.0 | ||
Release: 2%{?dist} | ||
Release: 3%{?dist} | ||
License: LGPLv2+ | ||
Vendor: Microsoft Corporation | ||
Distribution: Mariner | ||
Group: Applications/System | ||
URL: https://developer.gnome.org/glib/ | ||
Source0: https://ftp.gnome.org/pub/gnome/sources/glib/%{majorver}/%{name}-%{version}.tar.xz | ||
Patch0: CVE-2024-52533.patch | ||
BuildRequires: cmake | ||
BuildRequires: gtk-doc | ||
BuildRequires: libffi-devel | ||
|
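Review bot: `Patch0: CVE-2024-52533.patch` is declared here, but the `%prep` section is not part of the visible hunks, so nothing on this page shows the patch being applied. Confirm that `%prep` uses `%autosetup -p1` (or add an explicit `%patch0 -p1`); otherwise the package ships with the fix listed in the spec while the build still uses the unpatched `gio/gsocks4aproxy.c`. The release bump to `3%{?dist}` matches the new changelog entry.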
@@ -122,6 +123,9 @@ touch %{buildroot}%{_libdir}/gio/modules/giomodule.cache | |
%doc %{_datadir}/gtk-doc/html/* | ||
|
||
%changelog | ||
* Thu Nov 14 2024 Sharath Srikanth Chellappa <[email protected]> - 2.71.0-3 | ||
- Patch CVE-2024-52533 | ||
|
||
* Wed Sep 20 2023 Jon Slobodzian <[email protected]> - 2.71.0-2 | ||
- Recompile with stack-protection fixed gcc version (CVE-2023-4039) | ||
|
||
|
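Review bot: The new changelog entry says only `Patch CVE-2024-52533`, which tells someone reading the package changelog nothing about what was affected. Consider naming the component, for example that it fixes the single byte buffer overflow in the gsocks4aproxy connect message, as the patch subject does.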