glib: Fix for CVE 2024 52533 (#11075)

Co-authored-by: Sharath Srikanth Chellappa <[email protected]>
microsoft · Nov 14, 2024 · 11eb590 · 11eb590
1 parent 3c31112
commit 11eb590
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 13 deletions.
diff --git a/SPECS/glib/CVE-2024-52533.patch b/SPECS/glib/CVE-2024-52533.patch
@@ -0,0 +1,44 @@
+From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <[email protected]>
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
+ messages
+
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+
+Fixes: #3461
+---
+ gio/gsocks4aproxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118eb7..b3146d08fd 100644
+--- a/gio/gsocks4aproxy.c
++++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- *    1    1      2              4           variable       1    variable
++ *    1    1      2              4           variable       1    variable    1
+  */
+-#define SOCKS4_CONN_MSG_LEN	    (9 + SOCKS4_MAX_LEN * 2)
++#define SOCKS4_CONN_MSG_LEN	    (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8      *msg,
+ 		 const gchar *hostname,
+-- 
+GitLab
diff --git a/SPECS/glib/glib.spec b/SPECS/glib/glib.spec
@@ -2,13 +2,14 @@
 Summary:        Low-level libraries useful for providing data structure handling for C.
 Name:           glib
 Version:        2.78.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Applications/System
 URL:            https://developer.gnome.org/glib/
 Source0:        https://ftp.gnome.org/pub/gnome/sources/glib/%{majorver}/%{name}-%{version}.tar.xz
+Patch0:         CVE-2024-52533.patch
 BuildRequires:  cmake
 BuildRequires:  gtk-doc
 BuildRequires:  libffi-devel
@@ -121,6 +122,9 @@ touch %{buildroot}%{_libdir}/gio/modules/giomodule.cache
 %doc %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Thu Nov 14 2024 Sharath Srikanth Chellappa <[email protected]> - 2.78.1-5
+- Patch CVE-2024-52533
+
 * Fri Apr 19 2024 Betty Lakes <[email protected]> - 2.78.1-4
 - Update dependency on pcre2
 

diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -204,7 +204,7 @@ libxml2-devel-2.11.5-1.azl3.aarch64.rpm
 docbook-dtd-xml-4.5-11.azl3.noarch.rpm
 docbook-style-xsl-1.79.1-14.azl3.noarch.rpm
 libsepol-3.6-1.azl3.aarch64.rpm
-glib-2.78.1-4.azl3.aarch64.rpm
+glib-2.78.1-5.azl3.aarch64.rpm
 libltdl-2.4.7-1.azl3.aarch64.rpm
 libltdl-devel-2.4.7-1.azl3.aarch64.rpm
 lua-5.4.6-1.azl3.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -204,7 +204,7 @@ libxml2-devel-2.11.5-1.azl3.x86_64.rpm
 docbook-dtd-xml-4.5-11.azl3.noarch.rpm
 docbook-style-xsl-1.79.1-14.azl3.noarch.rpm
 libsepol-3.6-1.azl3.x86_64.rpm
-glib-2.78.1-4.azl3.x86_64.rpm
+glib-2.78.1-5.azl3.x86_64.rpm
 libltdl-2.4.7-1.azl3.x86_64.rpm
 libltdl-devel-2.4.7-1.azl3.x86_64.rpm
 lua-5.4.6-1.azl3.x86_64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -120,11 +120,11 @@ gdbm-lang-1.23-1.azl3.aarch64.rpm
 gettext-0.22-1.azl3.aarch64.rpm
 gettext-debuginfo-0.22-1.azl3.aarch64.rpm
 gfortran-13.2.0-7.azl3.aarch64.rpm
-glib-2.78.1-4.azl3.aarch64.rpm
-glib-debuginfo-2.78.1-4.azl3.aarch64.rpm
-glib-devel-2.78.1-4.azl3.aarch64.rpm
-glib-doc-2.78.1-4.azl3.noarch.rpm
-glib-schemas-2.78.1-4.azl3.aarch64.rpm
+glib-2.78.1-5.azl3.aarch64.rpm
+glib-debuginfo-2.78.1-5.azl3.aarch64.rpm
+glib-devel-2.78.1-5.azl3.aarch64.rpm
+glib-doc-2.78.1-5.azl3.noarch.rpm
+glib-schemas-2.78.1-5.azl3.aarch64.rpm
 glibc-2.38-8.azl3.aarch64.rpm
 glibc-debuginfo-2.38-8.azl3.aarch64.rpm
 glibc-devel-2.38-8.azl3.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -125,11 +125,11 @@ gdbm-lang-1.23-1.azl3.x86_64.rpm
 gettext-0.22-1.azl3.x86_64.rpm
 gettext-debuginfo-0.22-1.azl3.x86_64.rpm
 gfortran-13.2.0-7.azl3.x86_64.rpm
-glib-2.78.1-4.azl3.x86_64.rpm
-glib-debuginfo-2.78.1-4.azl3.x86_64.rpm
-glib-devel-2.78.1-4.azl3.x86_64.rpm
-glib-doc-2.78.1-4.azl3.noarch.rpm
-glib-schemas-2.78.1-4.azl3.x86_64.rpm
+glib-2.78.1-5.azl3.x86_64.rpm
+glib-debuginfo-2.78.1-5.azl3.x86_64.rpm
+glib-devel-2.78.1-5.azl3.x86_64.rpm
+glib-doc-2.78.1-5.azl3.noarch.rpm
+glib-schemas-2.78.1-5.azl3.x86_64.rpm
 glibc-2.38-8.azl3.x86_64.rpm
 glibc-debuginfo-2.38-8.azl3.x86_64.rpm
 glibc-devel-2.38-8.azl3.x86_64.rpm