import patch for CVE-2024-52533

nkraetzschmar · nkraetzschmar · commit 8f4ff730c18c · 2025-02-17T18:19:39.000+01:00
diff --git a/.container b/.container
@@ -0,0 +1 @@
+ghcr.io/gardenlinux/repo-debian-snapshot@sha256:6bb682e9665ec7e88da709eaf6867a5045afa3b89d0afd4e8225d9dda3ff9d99
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,10 @@
+on:
+  push:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
+jobs:
+  build:
+    uses: gardenlinux/package-build/.github/workflows/build.yml@main
+    with:
+      release: ${{ github.ref == 'refs/heads/main' }}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.build
diff --git a/prepare_source b/prepare_source
@@ -0,0 +1,3 @@
+apt_src glib2.0
+import_upstream_patches
+version_suffix=gl0~bp1592
diff --git a/upstream_patches/CVE-2024-52533.patch b/upstream_patches/CVE-2024-52533.patch
@@ -0,0 +1,39 @@
+commit 48fc6b8c3612bc1c536cdb3fd8ea8662f58b1e62
+Author: Michael Catanzaro <mcatanzaro@redhat.com>
+Date:   Thu Sep 19 18:35:53 2024 +0100
+
+    gsocks4aproxy: Fix a single byte buffer overflow in connect messages
+    
+    `SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+    byte in the connect message, which is an addition in SOCKSv4a vs
+    SOCKSv4.
+    
+    This means that the buffer for building and transmitting the connect
+    message could be overflowed if the username and hostname are both
+    `SOCKS4_MAX_LEN` (255) bytes long.
+    
+    Proxy configurations are normally statically configured, so the username
+    is very unlikely to be near its maximum length, and hence this overflow
+    is unlikely to be triggered in practice.
+    
+    (Commit message by Philip Withnall, diagnosis and fix by Michael
+    Catanzaro.)
+    
+    Fixes: #3461
+
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118eb..b3146d08f 100644
+--- a/gio/gsocks4aproxy.c
++++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- *    1    1      2              4           variable       1    variable
++ *    1    1      2              4           variable       1    variable    1
+  */
+-#define SOCKS4_CONN_MSG_LEN	    (9 + SOCKS4_MAX_LEN * 2)
++#define SOCKS4_CONN_MSG_LEN	    (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8      *msg,
+ 		 const gchar *hostname,
diff --git a/upstream_patches/series b/upstream_patches/series
@@ -0,0 +1 @@
+CVE-2024-52533.patch

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ghcr.io/gardenlinux/repo-debian-snapshot@sha256:6bb682e9665ec7e88da709eaf6867a5045afa3b89d0afd4e8225d9dda3ff9d99`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+apt_src glib2.0`
	`2`	`+import_upstream_patches`
	`3`	`+version_suffix=gl0~bp1592`