aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/glib-CVE-2021-27219-17.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/glib-CVE-2021-27219-17.patch')
-rw-r--r--gnu/packages/patches/glib-CVE-2021-27219-17.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/gnu/packages/patches/glib-CVE-2021-27219-17.patch b/gnu/packages/patches/glib-CVE-2021-27219-17.patch
new file mode 100644
index 0000000000..3153979071
--- /dev/null
+++ b/gnu/packages/patches/glib-CVE-2021-27219-17.patch
@@ -0,0 +1,37 @@
+From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Wed, 10 Feb 2021 21:19:30 +0000
+Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group
+ names
+
+These should never have been allowed; they will result in precondition
+failures from the `GKeyFile` later on in the code.
+
+A test will be added for this shortly.
+
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+---
+ gio/gkeyfilesettingsbackend.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
+index 861c3a661..de216e615 100644
+--- a/gio/gkeyfilesettingsbackend.c
++++ b/gio/gkeyfilesettingsbackend.c
+@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb,
+
+ last_slash = strrchr (key, '/');
+
++ /* Disallow empty group names or key names */
++ if (key_len == 0 ||
++ (last_slash != NULL &&
++ (*(last_slash + 1) == '\0' ||
++ last_slash == key)))
++ return FALSE;
++
+ if (kfsb->root_group)
+ {
+ /* if a root_group was specified, make sure the user hasn't given
+--
+2.30.1
+