glib: Fix for CVE-2024-52533 (#11074)

Co-authored-by: Sharath Srikanth Chellappa <[email protected]> (cherry picked from commit d7ee2be)
microsoft · Nov 14, 2024 · 3552fd1 · 3552fd1
1 parent 18f3538
commit 3552fd1
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 13 deletions.
diff --git a/SPECS/glib/CVE-2024-52533.patch b/SPECS/glib/CVE-2024-52533.patch
@@ -0,0 +1,44 @@
+From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <[email protected]>
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
+ messages
+
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+
+Fixes: #3461
+---
+ gio/gsocks4aproxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118eb7..b3146d08fd 100644
+--- a/gio/gsocks4aproxy.c
++++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- *    1    1      2              4           variable       1    variable
++ *    1    1      2              4           variable       1    variable    1
+  */
+-#define SOCKS4_CONN_MSG_LEN	    (9 + SOCKS4_MAX_LEN * 2)
++#define SOCKS4_CONN_MSG_LEN	    (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8      *msg,
+ 		 const gchar *hostname,
+-- 
+GitLab
diff --git a/SPECS/glib/glib.spec b/SPECS/glib/glib.spec
@@ -2,13 +2,14 @@
 Summary:        Low-level libraries useful for providing data structure handling for C.
 Name:           glib
 Version:        2.71.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Applications/System
 URL:            https://developer.gnome.org/glib/
 Source0:        https://ftp.gnome.org/pub/gnome/sources/glib/%{majorver}/%{name}-%{version}.tar.xz
+Patch0:         CVE-2024-52533.patch
 BuildRequires:  cmake
 BuildRequires:  gtk-doc
 BuildRequires:  libffi-devel
@@ -122,6 +123,9 @@ touch %{buildroot}%{_libdir}/gio/modules/giomodule.cache
 %doc %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Thu Nov 14 2024 Sharath Srikanth Chellappa <[email protected]> - 2.71.0-3
+- Patch CVE-2024-52533
+
 * Wed Sep 20 2023 Jon Slobodzian <[email protected]> - 2.71.0-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 

diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -199,7 +199,7 @@ libxml2-devel-2.10.4-4.cm2.aarch64.rpm
 docbook-dtd-xml-4.5-11.cm2.noarch.rpm
 docbook-style-xsl-1.79.1-14.cm2.noarch.rpm
 libsepol-3.2-2.cm2.aarch64.rpm
-glib-2.71.0-2.cm2.aarch64.rpm
+glib-2.71.0-3.cm2.aarch64.rpm
 libltdl-2.4.6-8.cm2.aarch64.rpm
 libltdl-devel-2.4.6-8.cm2.aarch64.rpm
 pcre-8.45-2.cm2.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -199,7 +199,7 @@ libxml2-devel-2.10.4-4.cm2.x86_64.rpm
 docbook-dtd-xml-4.5-11.cm2.noarch.rpm
 docbook-style-xsl-1.79.1-14.cm2.noarch.rpm
 libsepol-3.2-2.cm2.x86_64.rpm
-glib-2.71.0-2.cm2.x86_64.rpm
+glib-2.71.0-3.cm2.x86_64.rpm
 libltdl-2.4.6-8.cm2.x86_64.rpm
 libltdl-devel-2.4.6-8.cm2.x86_64.rpm
 pcre-8.45-2.cm2.x86_64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -101,11 +101,11 @@ gdbm-lang-1.21-1.cm2.aarch64.rpm
 gettext-0.21-3.cm2.aarch64.rpm
 gettext-debuginfo-0.21-3.cm2.aarch64.rpm
 gfortran-11.2.0-8.cm2.aarch64.rpm
-glib-2.71.0-2.cm2.aarch64.rpm
-glib-debuginfo-2.71.0-2.cm2.aarch64.rpm
-glib-devel-2.71.0-2.cm2.aarch64.rpm
-glib-doc-2.71.0-2.cm2.noarch.rpm
-glib-schemas-2.71.0-2.cm2.aarch64.rpm
+glib-2.71.0-3.cm2.aarch64.rpm
+glib-debuginfo-2.71.0-3.cm2.aarch64.rpm
+glib-devel-2.71.0-3.cm2.aarch64.rpm
+glib-doc-2.71.0-3.cm2.noarch.rpm
+glib-schemas-2.71.0-3.cm2.aarch64.rpm
 glibc-2.35-7.cm2.aarch64.rpm
 glibc-debuginfo-2.35-7.cm2.aarch64.rpm
 glibc-devel-2.35-7.cm2.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -106,11 +106,11 @@ gdbm-lang-1.21-1.cm2.x86_64.rpm
 gettext-0.21-3.cm2.x86_64.rpm
 gettext-debuginfo-0.21-3.cm2.x86_64.rpm
 gfortran-11.2.0-8.cm2.x86_64.rpm
-glib-2.71.0-2.cm2.x86_64.rpm
-glib-debuginfo-2.71.0-2.cm2.x86_64.rpm
-glib-devel-2.71.0-2.cm2.x86_64.rpm
-glib-doc-2.71.0-2.cm2.noarch.rpm
-glib-schemas-2.71.0-2.cm2.x86_64.rpm
+glib-2.71.0-3.cm2.x86_64.rpm
+glib-debuginfo-2.71.0-3.cm2.x86_64.rpm
+glib-devel-2.71.0-3.cm2.x86_64.rpm
+glib-doc-2.71.0-3.cm2.noarch.rpm
+glib-schemas-2.71.0-3.cm2.x86_64.rpm
 glibc-2.35-7.cm2.x86_64.rpm
 glibc-debuginfo-2.35-7.cm2.x86_64.rpm
 glibc-devel-2.35-7.cm2.x86_64.rpm