From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Lhv78-0000W2-Ib for garchives@archives.gentoo.org; Fri, 13 Mar 2009 00:19:02 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0225DE0383; Fri, 13 Mar 2009 00:19:02 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id B7C23E0383 for ; Fri, 13 Mar 2009 00:19:01 +0000 (UTC) Received: from stork.gentoo.org (stork.gentoo.org [64.127.104.133]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id 5B64464B8F for ; Fri, 13 Mar 2009 00:19:01 +0000 (UTC) Received: from dang by stork.gentoo.org with local (Exim 4.69) (envelope-from ) id 1Lhv77-0001xv-0k for gentoo-commits@lists.gentoo.org; Fri, 13 Mar 2009 00:19:01 +0000 From: "Daniel Gryniewicz (dang)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, dang@gentoo.org Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/glib/files: glib2-CVE-2008-4316.patch X-VCS-Repository: gentoo-x86 X-VCS-Files: glib2-CVE-2008-4316.patch X-VCS-Directories: dev-libs/glib/files X-VCS-Committer: dang X-VCS-Committer-Name: Daniel Gryniewicz Content-Type: text/plain; charset=utf8 Message-Id: Sender: Daniel Gryniewicz Date: Fri, 13 Mar 2009 00:19:01 +0000 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 58f43b23-2ed3-41ba-a244-8961648b328d X-Archives-Hash: 1c5a0eb35c32d65ca461b37d3c2f33fa dang 09/03/13 00:19:01 Added: glib2-CVE-2008-4316.patch Log: Add versions with fixes for bug #249214 (Portage version: 2.1.6.7/cvs/Linux x86_64, RepoMan options: --force) Revision Changes Path 1.1 dev-libs/glib/files/glib2-CVE-2008-4316.patch file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/glib/file= s/glib2-CVE-2008-4316.patch?rev=3D1.1&view=3Dmarkup plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/glib/file= s/glib2-CVE-2008-4316.patch?rev=3D1.1&content-type=3Dtext/plain Index: glib2-CVE-2008-4316.patch =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- glib/gbase64.c.orig 2008-12-04 12:07:21.000000000 +0100 +++ glib/gbase64.c 2009-01-12 14:08:31.000000000 +0100 @@ -54,8 +54,9 @@ static const char base64_alphabet[] =3D * * The output buffer must be large enough to fit all the data that will * be written to it. Due to the way base64 encodes you will need - * at least: @len * 4 / 3 + 6 bytes. If you enable line-breaking you wil= l - * need at least: @len * 4 / 3 + @len * 4 / (3 * 72) + 7 bytes. + * at least: (@len / 3 + 1) * 4 + 4 bytes (+ 4 may be needed in case of + * non-zero state). If you enable line-breaking you will need at least: + * ((@len / 3 + 1) * 4 + 4) / 72 + 1 bytes of extra space. * * @break_lines is typically used when putting base64-encoded data in em= ails. * It breaks the lines at 72 columns instead of putting all of the text = on=20 @@ -233,8 +234,14 @@ g_base64_encode (const guchar *data,=20 g_return_val_if_fail (data !=3D NULL, NULL); g_return_val_if_fail (len > 0, NULL); =20 - /* We can use a smaller limit here, since we know the saved state is 0= */ - out =3D g_malloc (len * 4 / 3 + 4); + /* We can use a smaller limit here, since we know the saved state is 0= , + +1 is needed for trailing \0, also check for unlikely integer overf= low */ + if (len >=3D ((G_MAXSIZE - 1) / 4 - 1) * 3) + g_error("%s: input too large for Base64 encoding (%"G_GSIZE_FORMAT" = chars)", + G_STRLOC, len); + + out =3D g_malloc ((len / 3 + 1) * 4 + 1); + outlen =3D g_base64_encode_step (data, len, FALSE, out, &state, &save)= ; outlen +=3D g_base64_encode_close (FALSE, out + outlen, &state, &save)= ; out[outlen] =3D '\0'; @@ -275,7 +282,8 @@ static const unsigned char mime_base64_r * * The output buffer must be large enough to fit all the data that will * be written to it. Since base64 encodes 3 bytes in 4 chars you need - * at least: @len * 3 / 4 bytes. + * at least: (@len / 4) * 3 + 3 bytes (+ 3 may be needed in case of non-= zero + * state). *=20 * Return value: The number of bytes of output that was written * @@ -358,7 +366,8 @@ g_base64_decode (const gchar *text, gsize *out_len) { guchar *ret; - gint input_length, state =3D 0; + gsize input_length; + gint state =3D 0; guint save =3D 0; =20 g_return_val_if_fail (text !=3D NULL, NULL); @@ -368,7 +377,9 @@ g_base64_decode (const gchar *text, =20 g_return_val_if_fail (input_length > 1, NULL); =20 - ret =3D g_malloc0 (input_length * 3 / 4); + /* We can use a smaller limit here, since we know the saved state is 0= , + +1 used to avoid calling g_malloc0(0), and hence retruning NULL */ + ret =3D g_malloc0 ((input_length / 4) * 3 + 1); =20 *out_len =3D g_base64_decode_step (text, input_length, ret, &state, &s= ave); =20