21b3b75515
* gnu/packages/patches/glib-CVE-2021-27218.patch, gnu/packages/patches/glib-CVE-2021-27219-01.patch, gnu/packages/patches/glib-CVE-2021-27219-02.patch, gnu/packages/patches/glib-CVE-2021-27219-03.patch, gnu/packages/patches/glib-CVE-2021-27219-04.patch, gnu/packages/patches/glib-CVE-2021-27219-05.patch, gnu/packages/patches/glib-CVE-2021-27219-06.patch, gnu/packages/patches/glib-CVE-2021-27219-07.patch, gnu/packages/patches/glib-CVE-2021-27219-08.patch, gnu/packages/patches/glib-CVE-2021-27219-09.patch, gnu/packages/patches/glib-CVE-2021-27219-10.patch, gnu/packages/patches/glib-CVE-2021-27219-11.patch, gnu/packages/patches/glib-CVE-2021-27219-12.patch, gnu/packages/patches/glib-CVE-2021-27219-13.patch, gnu/packages/patches/glib-CVE-2021-27219-14.patch, gnu/packages/patches/glib-CVE-2021-27219-15.patch, gnu/packages/patches/glib-CVE-2021-27219-16.patch, gnu/packages/patches/glib-CVE-2021-27219-17.patch, gnu/packages/patches/glib-CVE-2021-27219-18.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/glib.scm (glib)[replacement]: New field. (glib/fixed): New variable.
95 lines
3.0 KiB
Diff
95 lines
3.0 KiB
Diff
From ba8ca443051f93a74c0d03d62e70402036f967a5 Mon Sep 17 00:00:00 2001
|
|
From: Philip Withnall <pwithnall@endlessos.org>
|
|
Date: Thu, 4 Feb 2021 13:58:32 +0000
|
|
Subject: [PATCH 08/11] gkeyfilesettingsbackend: Handle long keys when
|
|
converting paths
|
|
|
|
Previously, the code in `convert_path()` could not handle keys longer
|
|
than `G_MAXINT`, and would overflow if that was exceeded.
|
|
|
|
Convert the code to use `gsize` and `g_memdup2()` throughout, and
|
|
change from identifying the position of the final slash in the string
|
|
using a signed offset `i`, to using a pointer to the character (and
|
|
`strrchr()`). This allows the slash to be at any position in a
|
|
`G_MAXSIZE`-long string, without sacrificing a bit of the offset for
|
|
indicating whether a slash was found.
|
|
|
|
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|
Helps: #2319
|
|
---
|
|
gio/gkeyfilesettingsbackend.c | 21 ++++++++++-----------
|
|
1 file changed, 10 insertions(+), 11 deletions(-)
|
|
|
|
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
|
|
index cd5765afd..25b057672 100644
|
|
--- a/gio/gkeyfilesettingsbackend.c
|
|
+++ b/gio/gkeyfilesettingsbackend.c
|
|
@@ -33,6 +33,7 @@
|
|
#include "gfilemonitor.h"
|
|
#include "gsimplepermission.h"
|
|
#include "gsettingsbackendinternal.h"
|
|
+#include "gstrfuncsprivate.h"
|
|
#include "giomodule-priv.h"
|
|
#include "gportalsupport.h"
|
|
|
|
@@ -145,8 +146,8 @@ convert_path (GKeyfileSettingsBackend *kfsb,
|
|
gchar **group,
|
|
gchar **basename)
|
|
{
|
|
- gint key_len = strlen (key);
|
|
- gint i;
|
|
+ gsize key_len = strlen (key);
|
|
+ const gchar *last_slash;
|
|
|
|
if (key_len < kfsb->prefix_len ||
|
|
memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0)
|
|
@@ -155,38 +156,36 @@ convert_path (GKeyfileSettingsBackend *kfsb,
|
|
key_len -= kfsb->prefix_len;
|
|
key += kfsb->prefix_len;
|
|
|
|
- for (i = key_len; i >= 0; i--)
|
|
- if (key[i] == '/')
|
|
- break;
|
|
+ last_slash = strrchr (key, '/');
|
|
|
|
if (kfsb->root_group)
|
|
{
|
|
/* if a root_group was specified, make sure the user hasn't given
|
|
* a path that ghosts that group name
|
|
*/
|
|
- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0)
|
|
+ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0)
|
|
return FALSE;
|
|
}
|
|
else
|
|
{
|
|
/* if no root_group was given, ensure that the user gave a path */
|
|
- if (i == -1)
|
|
+ if (last_slash == NULL)
|
|
return FALSE;
|
|
}
|
|
|
|
if (group)
|
|
{
|
|
- if (i >= 0)
|
|
+ if (last_slash != NULL)
|
|
{
|
|
- *group = g_memdup (key, i + 1);
|
|
- (*group)[i] = '\0';
|
|
+ *group = g_memdup2 (key, (last_slash - key) + 1);
|
|
+ (*group)[(last_slash - key)] = '\0';
|
|
}
|
|
else
|
|
*group = g_strdup (kfsb->root_group);
|
|
}
|
|
|
|
if (basename)
|
|
- *basename = g_memdup (key + i + 1, key_len - i);
|
|
+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
|
|
|
|
return TRUE;
|
|
}
|
|
--
|
|
2.30.1
|
|
|