Narcissus/shredos.x86_64
2
0
Fork 1
mirror of https://github.com/PartialVolume/shredos.x86_64.git synced 2026-02-20 09:35:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d893547c0e067a21aee59e9b6d24d53d16438e5b
shredos.x86_64/package/libsoup/0004-headers-Strictly-dont-allow-NUL-bytes.patch
PartialVolume c525a2ff71 Updated ShredOS to Buildroot 2025.11, kernel 6.18.0
2026-01-06 22:53:29 +00:00

61 lines
2.1 KiB
Diff
Raw Blame History

From 4a2bb98e03d79146c729dca52c8d6edc635218ff Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Mon, 8 Jul 2024 12:33:15 -0500
Subject: [PATCH] headers: Strictly don't allow NUL bytes
In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
CVE: CVE-2024-52530
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/402/diffs?commit_id=04df03bc092ac20607f3e150936624d4f536e68b]
Upstream: https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
Signed-off-by: Changqing Li <changqing.li@windriver.com>
[Titouan: Remove changes on test files]
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
---
libsoup/soup-headers.c | 15 +++------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index eec28ad..e5d3c03 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -50,13 +50,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
* ignorable trailing whitespace.
*/
+ /* No '\0's are allowed */
+ if (memchr (str, '\0', len))
+ return FALSE;
+
/* Skip over the Request-Line / Status-Line */
headers_start = memchr (str, '\n', len);
if (!headers_start)
return FALSE;
- /* No '\0's in the Request-Line / Status-Line */
- if (memchr (str, '\0', headers_start - str))
- return FALSE;
/* We work on a copy of the headers, which we can write '\0's
* into, so that we don't have to individually g_strndup and
@@ -68,14 +69,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
headers_copy[copy_len] = '\0';
value_end = headers_copy;
- /* There shouldn't be any '\0's in the headers already, but
- * this is the web we're talking about.
- */
- while ((p = memchr (headers_copy, '\0', copy_len))) {
- memmove (p, p + 1, copy_len - (p - headers_copy));
- copy_len--;
- }
-
while (*(value_end + 1)) {
name = value_end + 1;
name_end = strchr (name, ':');
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink