[jackhill/guix/guix.git] / gnu / packages / patches / glib-CVE-2021-27219-09.patch

From 65ec7f4d6e8832c481f6e00e2eb007b9a60024ce Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 14:00:53 +0000
Subject: [PATCH 09/11] gsocket: Use gsize to track native sockaddr's size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Don’t use an `int`, that’s potentially too small. In practical terms,
this is not a problem, since no socket address is going to be that big.

By making these changes we can use `g_memdup2()` without warnings,
though. Fewer warnings is good.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
 gio/gsocket.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/gio/gsocket.c b/gio/gsocket.c
index 66073af83..a3af149e8 100644
--- a/gio/gsocket.c
+++ b/gio/gsocket.c
@@ -75,6 +75,7 @@
 #include "gcredentialsprivate.h"
 #include "glibintl.h"
 #include "gioprivate.h"
+#include "gstrfuncsprivate.h"
 
 #ifdef G_OS_WIN32
 /* For Windows XP runtime compatibility, but use the system's if_nametoindex() if available */
@@ -174,7 +175,7 @@ static gboolean     g_socket_datagram_based_condition_wait       (GDatagramBased
                                                                   GError          **error);
 
 static GSocketAddress *
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len);
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len);
 
 static gssize
 g_socket_receive_message_with_timeout  (GSocket                 *socket,
@@ -260,7 +261,7 @@ struct _GSocketPrivate
   struct {
     GSocketAddress *addr;
     struct sockaddr *native;
-    gint native_len;
+    gsize native_len;
     guint64 last_used;
   } recv_addr_cache[RECV_ADDR_CACHE_SIZE];
 };
@@ -5211,14 +5212,14 @@ g_socket_send_messages_with_timeout (GSocket        *socket,
 }
 
 static GSocketAddress *
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len)
 {
   GSocketAddress *saddr;
   gint i;
   guint64 oldest_time = G_MAXUINT64;
   gint oldest_index = 0;
 
-  if (native_len <= 0)
+  if (native_len == 0)
     return NULL;
 
   saddr = NULL;
@@ -5226,7 +5227,7 @@ cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
     {
       GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
       gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
-      gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
+      gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
 
       if (!tmp)
         continue;
@@ -5256,7 +5257,7 @@ cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
       g_free (socket->priv->recv_addr_cache[oldest_index].native);
     }
 
-  socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len);
+  socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len);
   socket->priv->recv_addr_cache[oldest_index].native_len = native_len;
   socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr);
   socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time ();
@@ -5404,6 +5405,9 @@ g_socket_receive_message_with_timeout (GSocket                 *socket,
     /* do it */
     while (1)
       {
+        /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */
+        G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
+
 	addrlen = sizeof addr;
 	if (address)
 	  result = WSARecvFrom (socket->priv->fd,
-- 
2.30.1
Commit	Line	Data
21b3b755 MW	1	From 65ec7f4d6e8832c481f6e00e2eb007b9a60024ce Mon Sep 17 00:00:00 2001
	2	From: Philip Withnall <pwithnall@endlessos.org>
	3	Date: Thu, 4 Feb 2021 14:00:53 +0000
	4	Subject: [PATCH 09/11] gsocket: Use gsize to track native sockaddr's size
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	Don’t use an `int`, that’s potentially too small. In practical terms,
	10	this is not a problem, since no socket address is going to be that big.
	11
	12	By making these changes we can use `g_memdup2()` without warnings,
	13	though. Fewer warnings is good.
	14
	15	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	16	Helps: #2319
	17	---
	18	gio/gsocket.c \| 16 ++++++++++------
	19	1 file changed, 10 insertions(+), 6 deletions(-)
	20
	21	diff --git a/gio/gsocket.c b/gio/gsocket.c
	22	index 66073af83..a3af149e8 100644
	23	--- a/gio/gsocket.c
	24	+++ b/gio/gsocket.c
	25	@@ -75,6 +75,7 @@
	26	#include "gcredentialsprivate.h"
	27	#include "glibintl.h"
	28	#include "gioprivate.h"
	29	+#include "gstrfuncsprivate.h"
	30
	31	#ifdef G_OS_WIN32
	32	/* For Windows XP runtime compatibility, but use the system's if_nametoindex() if available */
	33	@@ -174,7 +175,7 @@ static gboolean g_socket_datagram_based_condition_wait (GDatagramBased
	34	GError **error);
	35
	36	static GSocketAddress *
	37	-cache_recv_address (GSocket socket, struct sockaddr native, int native_len);
	38	+cache_recv_address (GSocket socket, struct sockaddr native, size_t native_len);
	39
	40	static gssize
	41	g_socket_receive_message_with_timeout (GSocket *socket,
	42	@@ -260,7 +261,7 @@ struct _GSocketPrivate
	43	struct {
	44	GSocketAddress *addr;
	45	struct sockaddr *native;
	46	- gint native_len;
	47	+ gsize native_len;
	48	guint64 last_used;
	49	} recv_addr_cache[RECV_ADDR_CACHE_SIZE];
	50	};
	51	@@ -5211,14 +5212,14 @@ g_socket_send_messages_with_timeout (GSocket *socket,
	52	}
	53
	54	static GSocketAddress *
	55	-cache_recv_address (GSocket socket, struct sockaddr native, int native_len)
	56	+cache_recv_address (GSocket socket, struct sockaddr native, size_t native_len)
	57	{
	58	GSocketAddress *saddr;
	59	gint i;
	60	guint64 oldest_time = G_MAXUINT64;
	61	gint oldest_index = 0;
	62
	63	- if (native_len <= 0)
	64	+ if (native_len == 0)
65	return NULL;
66
67	saddr = NULL;
68	@@ -5226,7 +5227,7 @@ cache_recv_address (GSocket socket, struct sockaddr native, int native_len)
69	{
70	GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
71	gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
72	- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
73	+ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
74
75	if (!tmp)
76	continue;
77	@@ -5256,7 +5257,7 @@ cache_recv_address (GSocket socket, struct sockaddr native, int native_len)
78	g_free (socket->priv->recv_addr_cache[oldest_index].native);
79	}
80
81	- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len);
82	+ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len);
83	socket->priv->recv_addr_cache[oldest_index].native_len = native_len;
84	socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr);
85	socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time ();
86	@@ -5404,6 +5405,9 @@ g_socket_receive_message_with_timeout (GSocket *socket,
87	/* do it */
88	while (1)
89	{
90	+ /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */
91	+ G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
92	+
93	addrlen = sizeof addr;
94	if (address)
95	result = WSARecvFrom (socket->priv->fd,
96	--
97	2.30.1
98