From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Wed, 10 Feb 2021 21:19:30 +0000 Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group names These should never have been allowed; they will result in precondition failures from the `GKeyFile` later on in the code. A test will be added for this shortly. Signed-off-by: Philip Withnall Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] CVE: CVE-2021-27219 Signed-off-by: Ranjitsinh Rathod --- gio/gkeyfilesettingsbackend.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c index 861c3a661..de216e615 100644 --- a/gio/gkeyfilesettingsbackend.c +++ b/gio/gkeyfilesettingsbackend.c @@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb, last_slash = strrchr (key, '/'); + /* Disallow empty group names or key names */ + if (key_len == 0 || + (last_slash != NULL && + (*(last_slash + 1) == '\0' || + last_slash == key))) + return FALSE; + if (kfsb->root_group) { /* if a root_group was specified, make sure the user hasn't given -- GitLab