gnu/packages/patches/glib-CVE-2021-27219-18.patch

   1 Backport of:
   2
   3 From 221c26685354dea2b2732df94404e8e5e77a1591 Mon Sep 17 00:00:00 2001
   4 From: Philip Withnall <pwithnall@endlessos.org>
   5 Date: Wed, 10 Feb 2021 21:21:36 +0000
   6 Subject: [PATCH 3/3] tests: Add tests for key name handling in the keyfile
   7  backend
   8
   9 This tests the two recent commits.
  10
  11 Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
  12 ---
  13  gio/tests/gsettings.c | 171 +++++++++++++++++++++++++++++++++++++++++-
  14  1 file changed, 170 insertions(+), 1 deletion(-)
  15
  16 diff --git a/gio/tests/gsettings.c b/gio/tests/gsettings.c
  17 index baadca8f5..afe594a23 100644
  18 --- a/gio/tests/gsettings.c
  19 +++ b/gio/tests/gsettings.c
  20 @@ -1,3 +1,4 @@
  21 +#include <errno.h>
  22  #include <stdlib.h>
  23  #include <locale.h>
  24  #include <libintl.h>
  25 @@ -1740,6 +1741,14 @@ key_changed_cb (GSettings *settings, const gchar *key, gpointer data)
  26    (*b) = TRUE;
  27  }
  28
  29 +typedef struct
  30 +{
  31 +  const gchar *path;
  32 +  const gchar *root_group;
  33 +  const gchar *keyfile_group;
  34 +  const gchar *root_path;
  35 +} KeyfileTestData;
  36 +
  37  /*
  38   * Test that using a keyfile works
  39   */
  40 @@ -1834,7 +1843,11 @@ test_keyfile (Fixture       *fixture,
  41    g_free (str);
  42
  43    g_settings_set (settings, "farewell", "s", "cheerio");
  44 -
  45 +
  46 +  /* Check that empty keys/groups are not allowed. */
  47 +  g_assert_false (g_settings_is_writable (settings, ""));
  48 +  g_assert_false (g_settings_is_writable (settings, "/"));
  49 +
  50    /* When executing as root, changing the mode of the keyfile will have
  51     * no effect on the writability of the settings.
  52     */
  53 @@ -1866,6 +1879,149 @@ test_keyfile (Fixture       *fixture,
  54    g_free (keyfile_path);
  55  }
  56
  57 +/*
  58 + * Test that using a keyfile works with a schema with no path set.
  59 + */
  60 +static void
  61 +test_keyfile_no_path (Fixture       *fixture,
  62 +                      gconstpointer  user_data)
  63 +{
  64 +  const KeyfileTestData *test_data = user_data;
  65 +  GSettingsBackend *kf_backend;
  66 +  GSettings *settings;
  67 +  GKeyFile *keyfile;
  68 +  gboolean writable;
  69 +  gchar *key = NULL;
  70 +  GError *error = NULL;
  71 +  gchar *keyfile_path = NULL, *store_path = NULL;
  72 +
  73 +  keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
  74 +  store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
  75 +  kf_backend = g_keyfile_settings_backend_new (store_path, test_data->root_path, test_data->root_group);
  76 +  settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, test_data->path);
  77 +  g_object_unref (kf_backend);
  78 +
  79 +  g_settings_reset (settings, "test-boolean");
  80 +  g_assert_true (g_settings_get_boolean (settings, "test-boolean"));
  81 +
  82 +  writable = g_settings_is_writable (settings, "test-boolean");
  83 +  g_assert_true (writable);
  84 +  g_settings_set (settings, "test-boolean", "b", FALSE);
  85 +
  86 +  g_assert_false (g_settings_get_boolean (settings, "test-boolean"));
  87 +
  88 +  g_settings_delay (settings);
  89 +  g_settings_set (settings, "test-boolean", "b", TRUE);
  90 +  g_settings_apply (settings);
  91 +
  92 +  keyfile = g_key_file_new ();
  93 +  g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL));
  94 +
  95 +  g_assert_true (g_key_file_get_boolean (keyfile, test_data->keyfile_group, "test-boolean", NULL));
  96 +
  97 +  g_key_file_free (keyfile);
  98 +
  99 +  g_settings_reset (settings, "test-boolean");
 100 +  g_settings_apply (settings);
 101 +  keyfile = g_key_file_new ();
 102 +  g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL));
 103 +
 104 +  g_assert_false (g_key_file_get_string (keyfile, test_data->keyfile_group, "test-boolean", &error));
 105 +  g_assert_error (error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND);
 106 +  g_clear_error (&error);
 107 +
 108 +  /* Check that empty keys/groups are not allowed. */
 109 +  g_assert_false (g_settings_is_writable (settings, ""));
 110 +  g_assert_false (g_settings_is_writable (settings, "/"));
 111 +
 112 +  /* Keys which ghost the root group name are not allowed. This can only be
 113 +   * tested when the path is `/` as otherwise it acts as a prefix and prevents
 114 +   * any ghosting. */
 115 +  if (g_str_equal (test_data->path, "/"))
 116 +    {
 117 +      key = g_strdup_printf ("%s/%s", test_data->root_group, "");
 118 +      g_assert_false (g_settings_is_writable (settings, key));
 119 +      g_free (key);
 120 +
 121 +      key = g_strdup_printf ("%s/%s", test_data->root_group, "/");
 122 +      g_assert_false (g_settings_is_writable (settings, key));
 123 +      g_free (key);
 124 +
 125 +      key = g_strdup_printf ("%s/%s", test_data->root_group, "test-boolean");
 126 +      g_assert_false (g_settings_is_writable (settings, key));
 127 +      g_free (key);
 128 +    }
 129 +
 130 +  g_key_file_free (keyfile);
 131 +  g_object_unref (settings);
 132 +
 133 +  /* Clean up the temporary directory. */
 134 +  g_assert_cmpint (g_chmod (keyfile_path, 0777) == 0 ? 0 : errno, ==, 0);
 135 +  g_assert_cmpint (g_remove (store_path) == 0 ? 0 : errno, ==, 0);
 136 +  g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
 137 +  g_free (store_path);
 138 +  g_free (keyfile_path);
 139 +}
 140 +
 141 +/*
 142 + * Test that a keyfile rejects writes to keys outside its root path.
 143 + */
 144 +static void
 145 +test_keyfile_outside_root_path (Fixture       *fixture,
 146 +                                gconstpointer  user_data)
 147 +{
 148 +  GSettingsBackend *kf_backend;
 149 +  GSettings *settings;
 150 +  gchar *keyfile_path = NULL, *store_path = NULL;
 151 +
 152 +  keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
 153 +  store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
 154 +  kf_backend = g_keyfile_settings_backend_new (store_path, "/tests/basic-types/", "root");
 155 +  settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/tests/");
 156 +  g_object_unref (kf_backend);
 157 +
 158 +  g_assert_false (g_settings_is_writable (settings, "test-boolean"));
 159 +
 160 +  g_object_unref (settings);
 161 +
 162 +  /* Clean up the temporary directory. The keyfile probably doesn’t exist, so
 163 +   * don’t error on failure. */
 164 +  g_remove (store_path);
 165 +  g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
 166 +  g_free (store_path);
 167 +  g_free (keyfile_path);
 168 +}
 169 +
 170 +/*
 171 + * Test that a keyfile rejects writes to keys in the root if no root group is set.
 172 + */
 173 +static void
 174 +test_keyfile_no_root_group (Fixture       *fixture,
 175 +                            gconstpointer  user_data)
 176 +{
 177 +  GSettingsBackend *kf_backend;
 178 +  GSettings *settings;
 179 +  gchar *keyfile_path = NULL, *store_path = NULL;
 180 +
 181 +  keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
 182 +  store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
 183 +  kf_backend = g_keyfile_settings_backend_new (store_path, "/", NULL);
 184 +  settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/");
 185 +  g_object_unref (kf_backend);
 186 +
 187 +  g_assert_false (g_settings_is_writable (settings, "test-boolean"));
 188 +  g_assert_true (g_settings_is_writable (settings, "child/test-boolean"));
 189 +
 190 +  g_object_unref (settings);
 191 +
 192 +  /* Clean up the temporary directory. The keyfile probably doesn’t exist, so
 193 +   * don’t error on failure. */
 194 +  g_remove (store_path);
 195 +  g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
 196 +  g_free (store_path);
 197 +  g_free (keyfile_path);
 198 +}
 199 +
 200  /* Test that getting child schemas works
 201   */
 202  static void
 203 @@ -2844,6 +3000,14 @@ main (int argc, char *argv[])
 204    gchar *override_text;
 205    gchar *enums;
 206    gint result;
 207 +  const KeyfileTestData keyfile_test_data_explicit_path = { "/tests/", "root", "tests", "/" };
 208 +  const KeyfileTestData keyfile_test_data_empty_path = { "/", "root", "root", "/" };
 209 +  const KeyfileTestData keyfile_test_data_long_path = {
 210 +    "/tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch/",
 211 +    "root",
 212 +    "tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch",
 213 +    "/"
 214 +  };
 215
 216  /* Meson build sets this */
 217  #ifdef TEST_LOCALE_PATH
 218 @@ -2967,6 +3131,11 @@ main (int argc, char *argv[])
 219      }
 220
 221    g_test_add ("/gsettings/keyfile", Fixture, NULL, setup, test_keyfile, teardown);
 222 +  g_test_add ("/gsettings/keyfile/explicit-path", Fixture, &keyfile_test_data_explicit_path, setup, test_keyfile_no_path, teardown);
 223 +  g_test_add ("/gsettings/keyfile/empty-path", Fixture, &keyfile_test_data_empty_path, setup, test_keyfile_no_path, teardown);
 224 +  g_test_add ("/gsettings/keyfile/long-path", Fixture, &keyfile_test_data_long_path, setup, test_keyfile_no_path, teardown);
 225 +  g_test_add ("/gsettings/keyfile/outside-root-path", Fixture, NULL, setup, test_keyfile_outside_root_path, teardown);
 226 +  g_test_add ("/gsettings/keyfile/no-root-group", Fixture, NULL, setup, test_keyfile_no_root_group, teardown);
 227    g_test_add_func ("/gsettings/child-schema", test_child_schema);
 228    g_test_add_func ("/gsettings/strinfo", test_strinfo);
 229    g_test_add_func ("/gsettings/enums", test_enums);
 230 --
 231 2.30.1
 232