components/gnome/gnome-session/patches/04-24683186.patch
author Niveditha Rau <Niveditha.Rau@Oracle.COM>
Fri, 18 Nov 2016 14:58:10 -0800
changeset 7360 2cfe8fed0a7b
permissions -rw-r--r--
24683186 problem in GNOME/SESSION
Security bug fix from upstream which can be deleted when we bring in 
3.20.2
From 634ab70d9f03b1650be4b8259091ca3036f0fbf9 Mon Sep 17 00:00:00 2001
From: Hanno Boeck <[email protected]>
Date: Mon, 11 Jul 2016 10:37:03 -0400
Subject: main: fix heap overflow in dbus-launch wrapping
I have discovered a heap overflow with the help of an address sanitizer.
The require_dbus_session() function has this code:
        new_argv = g_malloc (argc + 3 * sizeof (*argv));
The intention is to allocate space for (argc + 3) pointers. However obviously a
parenthesis is missing, therefore only argc bytes + 3 * pointer size gets
allocated, which is insufficient space. This leads to invalid memory writes.
The fix is trivial: Parentheses around argc + 3.
https://bugzilla.gnome.org/show_bug.cgi?id=768441
---
 gnome-session/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnome-session/main.c b/gnome-session/main.c
index 9f3ca0f..bd23824 100644
--- a/gnome-session/main.c
+++ b/gnome-session/main.c
@@ -187,7 +187,7 @@ require_dbus_session (int      argc,
                               TRUE);
 
         /* +2 for our new arguments, +1 for NULL */
-        new_argv = g_malloc (argc + 3 * sizeof (*argv));
+        new_argv = g_malloc ((argc + 3) * sizeof (*argv));
 
         new_argv[0] = "dbus-launch";
         new_argv[1] = "--exit-with-session";
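Review bot: the corrected allocation in require_dbus_session() still writes the size arithmetic by hand, `(argc + 3) * sizeof (*argv)`, which is the same open-coded form that allowed the precedence slip in the removed line. Consider `g_malloc_n (argc + 3, sizeof (*argv))`, which takes the element count and element size as separate arguments and checks the multiplication for overflow, so a missing parenthesis cannot silently shrink the buffer again. The comment above it ("+2 for our new arguments, +1 for NULL") matches the new count of argc + 3 and can stay as is. Since the original defect was found with an address sanitizer, it would also be worth keeping a sanitizer-enabled run of this code path in the test setup so a regression here is caught as an invalid write rather than going unnoticed.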