File glib2-CVE-2021-28153.patch of Package glib2.23781
diff -urp glib-2.54.3.orig/gio/glocalfileoutputstream.c glib-2.54.3/gio/glocalfileoutputstream.c
--- glib-2.54.3.orig/gio/glocalfileoutputstream.c 2018-01-08 14:00:42.000000000 -0600
+++ glib-2.54.3/gio/glocalfileoutputstream.c 2022-04-14 11:35:04.585116548 -0500
@@ -54,6 +54,12 @@
#define O_BINARY 0
#endif
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#else
+#define HAVE_O_CLOEXEC 1
+#endif
+
struct _GLocalFileOutputStreamPrivate {
char *tmp_filename;
char *original_filename;
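Review bot: The fallback `#define O_CLOEXEC 0` turns the flag into a silent no-op, and nothing at the definition says so. A comment here would help, for example `/* No O_CLOEXEC on this platform: the flag is a no-op and every open() that passes it must set FD_CLOEXEC with fcntl() instead */`. `HAVE_O_CLOEXEC` also sits in the `HAVE_*` namespace that a generated config header normally owns, so a file-local name would avoid a possible redefinition.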
@@ -749,11 +755,12 @@ handle_overwrite_open (const char *fi
int res;
int mode;
int errsv;
+ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);
mode = mode_from_flags_or_info (flags, reference_info);
/* We only need read access to the original file if we are creating a backup.
- * We also add O_CREATE to avoid a race if the file was just removed */
+ * We also add O_CREAT to avoid a race if the file was just removed */
if (create_backup || readable)
open_flags = O_RDWR | O_CREAT | O_BINARY;
else
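Review bot: `replace_destination_set` is declared `gboolean` but is assigned the raw masked flag, so when the flag is set it holds the bit value rather than `TRUE`. Every use visible in this patch is a plain truth test, so behaviour is correct today, but a later `== TRUE` comparison would fail silently. Normalising at the declaration is cheap: `gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION) != 0;`. The declaration list of `handle_overwrite_open` starts above this hunk.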
@@ -776,16 +783,22 @@ handle_overwrite_open (const char *fi
/* Could be a symlink, or it could be a regular ELOOP error,
* but then the next open will fail too. */
is_symlink = TRUE;
- fd = g_open (filename, open_flags, mode);
+ if (!replace_destination_set)
+ fd = g_open (filename, open_flags, mode);
}
-#else
- fd = g_open (filename, open_flags, mode);
- errsv = errno;
+#else /* if !O_NOFOLLOW */
/* This is racy, but we do it as soon as possible to minimize the race */
is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK);
+
+ if (!is_symlink || !replace_destination_set)
+ {
+ fd = g_open (filename, open_flags, mode);
+ errsv = errno;
+ }
#endif
- if (fd == -1)
+ if (fd == -1 &&
+ (!is_symlink || !replace_destination_set))
{
char *display_name = g_filename_display_name (filename);
g_set_error (error, G_IO_ERROR,
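Review bot: In the `#else /* if !O_NOFOLLOW */` branch `fd` is now assigned only when `!is_symlink || !replace_destination_set`, but `if (fd == -1 && …)` reads it immediately afterwards and later code tests `fd >= 0` before closing. The declaration of `fd` is outside this hunk; unless it already has an initialiser it should become `int fd = -1;`, otherwise the symlink-plus-replace path reads an indeterminate value. Separately, in the `O_NOFOLLOW` branch the retry `fd = g_open (filename, open_flags, mode);` does not refresh `errsv`, so a failure of the retry is presumably reported with the errno of the first attempt; adding `errsv = errno;` after it would fix that.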
@@ -799,7 +812,10 @@ handle_overwrite_open (const char *fi
#ifdef G_OS_WIN32
res = _fstati64 (fd, &original_stat);
#else
- res = fstat (fd, &original_stat);
+ if (!is_symlink)
+ res = fstat (fd, &original_stat);
+ else
+ res = lstat (filename, &original_stat);
#endif
errsv = errno;
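Review bot: When `is_symlink` is set but `replace_destination_set` is not, the previous hunk still opens the file through the link, yet this branch fills `original_stat` from `lstat (filename, …)`. The stat then describes the link rather than the descriptor that will be written to, and it comes from a second path lookup that may see a different object than the one opened. Keying the choice on the descriptor keeps an fd-based stat wherever an fd exists: `if (fd >= 0) res = fstat (fd, &original_stat); else res = lstat (filename, &original_stat);`. With the current form the `S_ISLNK` branch in the next hunk lets that case through the regular-file check without looking at the target's type. The later uses of `original_stat` are only partly visible here, so confirm which attributes they expect.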
@@ -811,23 +827,34 @@ handle_overwrite_open (const char *fi
_("Error when getting information for file “%s”: %s"),
display_name, g_strerror (errsv));
g_free (display_name);
- goto err_out;
+ goto error;
}
/* not a regular file */
if (!S_ISREG (original_stat.st_mode))
{
if (S_ISDIR (original_stat.st_mode))
- g_set_error_literal (error,
- G_IO_ERROR,
- G_IO_ERROR_IS_DIRECTORY,
- _("Target file is a directory"));
- else
- g_set_error_literal (error,
+ {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_IS_DIRECTORY,
+ _("Target file is a directory"));
+ goto error;
+ }
+ else if (!is_symlink ||
+#ifdef S_ISLNK
+ !S_ISLNK (original_stat.st_mode)
+#else
+ FALSE
+#endif
+ )
+ {
+ g_set_error_literal (error,
G_IO_ERROR,
G_IO_ERROR_NOT_REGULAR_FILE,
_("Target file is not a regular file"));
- goto err_out;
+ goto error;
+ }
}
if (etag != NULL)
@@ -840,7 +867,7 @@ handle_overwrite_open (const char *fi
G_IO_ERROR_WRONG_ETAG,
_("The file was externally modified"));
g_free (current_etag);
- goto err_out;
+ goto error;
}
g_free (current_etag);
}
@@ -856,7 +883,7 @@ handle_overwrite_open (const char *fi
* to a backup file and rewrite the contents of the file.
*/
- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
+ if (replace_destination_set ||
(!(original_stat.st_nlink > 1) && !is_symlink))
{
char *dirname, *tmp_filename;
@@ -875,7 +902,7 @@ handle_overwrite_open (const char *fi
/* try to keep permissions (unless replacing) */
- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
+ if (!replace_destination_set &&
(
#ifdef HAVE_FCHOWN
fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 ||
@@ -908,7 +935,8 @@ handle_overwrite_open (const char *fi
}
}
- g_close (fd, NULL);
+ if (fd >= 0)
+ g_close (fd, NULL);
*temp_filename = tmp_filename;
return tmpfd;
}
@@ -932,7 +960,7 @@ handle_overwrite_open (const char *fi
G_IO_ERROR_CANT_CREATE_BACKUP,
_("Backup file creation failed"));
g_free (backup_filename);
- goto err_out;
+ goto error;
}
bfd = g_open (backup_filename,
@@ -946,7 +974,7 @@ handle_overwrite_open (const char *fi
G_IO_ERROR_CANT_CREATE_BACKUP,
_("Backup file creation failed"));
g_free (backup_filename);
- goto err_out;
+ goto error;
}
/* If needed, Try to set the group of the backup same as the
@@ -963,7 +991,7 @@ handle_overwrite_open (const char *fi
g_unlink (backup_filename);
g_close (bfd, NULL);
g_free (backup_filename);
- goto err_out;
+ goto error;
}
if ((original_stat.st_gid != tmp_statbuf.st_gid) &&
@@ -980,7 +1008,7 @@ handle_overwrite_open (const char *fi
g_unlink (backup_filename);
g_close (bfd, NULL);
g_free (backup_filename);
- goto err_out;
+ goto error;
}
}
#endif
@@ -995,7 +1023,7 @@ handle_overwrite_open (const char *fi
g_close (bfd, NULL);
g_free (backup_filename);
- goto err_out;
+ goto error;
}
g_close (bfd, NULL);
@@ -1010,11 +1038,11 @@ handle_overwrite_open (const char *fi
g_io_error_from_errno (errsv),
_("Error seeking in file: %s"),
g_strerror (errsv));
- goto err_out;
+ goto error;
}
}
- if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
+ if (replace_destination_set)
{
g_close (fd, NULL);
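Review bot: The `g_close (fd, NULL);` under `if (replace_destination_set)` is left unguarded, while the two other close sites touched by this patch gained `if (fd >= 0)`. After this change `fd` can still be -1 for a symlink destination with the replace flag set, and this statement looks reachable if the temporary-file strategy falls through to here, although that jump is outside the visible lines. Using the same guard keeps the function consistent and avoids closing an invalid descriptor: `if (fd >= 0) g_close (fd, NULL);`.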
@@ -1026,7 +1054,7 @@ handle_overwrite_open (const char *fi
g_io_error_from_errno (errsv),
_("Error removing old file: %s"),
g_strerror (errsv));
- goto err_out2;
+ goto error;
}
if (readable)
@@ -1043,7 +1071,7 @@ handle_overwrite_open (const char *fi
_("Error opening file “%s”: %s"),
display_name, g_strerror (errsv));
g_free (display_name);
- goto err_out2;
+ goto error;
}
}
else
@@ -1061,15 +1089,16 @@ handle_overwrite_open (const char *fi
g_io_error_from_errno (errsv),
_("Error truncating file: %s"),
g_strerror (errsv));
- goto err_out;
+ goto error;
}
}
return fd;
- err_out:
- g_close (fd, NULL);
- err_out2:
+error:
+ if (fd >= 0)
+ g_close (fd, NULL);
+
return -1;
}
@@ -1099,7 +1128,7 @@ _g_local_file_output_stream_replace (con
sync_on_close = FALSE;
/* If the file doesn't exist, create it */
- open_flags = O_CREAT | O_EXCL | O_BINARY;
+ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
if (readable)
open_flags |= O_RDWR;
else
@@ -1129,8 +1158,11 @@ _g_local_file_output_stream_replace (con
set_error_from_open_errno (filename, error);
return NULL;
}
-
-
+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
+ else
+ fcntl (fd, F_SETFD, FD_CLOEXEC);
+#endif
+
stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
stream->priv->fd = fd;
stream->priv->sync_on_close = sync_on_close;
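Review bot: Close-on-exec is applied only to the descriptor from the initial `O_CREAT | O_EXCL` open; the `open_flags` built inside `handle_overwrite_open` are shown earlier in this patch as `O_RDWR | O_CREAT | O_BINARY`, without `O_CLOEXEC`. A descriptor returned from the overwrite path would therefore still be inherited by child processes, as far as the visible lines show. The added `else` also binds to an `if` chain that begins above this hunk and skips the overwrite branch, and the `fcntl (fd, F_SETFD, FD_CLOEXEC);` result is ignored. Consider adding `O_CLOEXEC` to the opens in `handle_overwrite_open`, and moving the `fcntl` fallback to a standalone `if (fd >= 0)` statement after the chain so it covers both paths.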
diff -urp glib-2.54.3.orig/gio/tests/file.c glib-2.54.3/gio/tests/file.c
--- glib-2.54.3.orig/gio/tests/file.c 2018-01-08 14:00:42.000000000 -0600
+++ glib-2.54.3/gio/tests/file.c 2022-04-14 11:35:04.581116526 -0500
@@ -649,7 +649,7 @@ test_replace_cancel (void)
guint count;
GError *error = NULL;
- g_test_bug ("629301");
+ g_test_bug ("https://bugzilla.gnome.org/629301");
path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error);
g_assert_no_error (error);
@@ -758,6 +758,112 @@ test_replace_cancel (void)
}
static void
+test_replace_symlink (void)
+{
+#ifdef G_OS_UNIX
+ gchar *tmpdir_path = NULL;
+ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL;
+ GFileOutputStream *stream = NULL;
+ const gchar *new_contents = "this is a test message which should be written to source and not target";
+ gsize n_written;
+ GFileEnumerator *enumerator = NULL;
+ GFileInfo *info = NULL;
+ gchar *contents = NULL;
+ gsize length = 0;
+ GError *local_error = NULL;
+
+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325");
+
+ /* Create a fresh, empty working directory. */
+ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error);
+ g_assert_no_error (local_error);
+ tmpdir = g_file_new_for_path (tmpdir_path);
+
+ g_test_message ("Using temporary directory %s", tmpdir_path);
+ g_free (tmpdir_path);
+
+ /* Create symlink `source` which points to `target`. */
+ source_file = g_file_get_child (tmpdir, "source");
+ target_file = g_file_get_child (tmpdir, "target");
+ g_file_make_symbolic_link (source_file, "target", NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ /* Ensure that `target` doesn’t exist */
+ g_assert_false (g_file_query_exists (target_file, NULL));
+
+ /* Replace the `source` symlink with a regular file using
+ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without*
+ * following the symlink */
+ stream = g_file_replace (source_file, NULL, FALSE /* no backup */,
+ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents),
+ &n_written, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpint (n_written, ==, strlen (new_contents));
+
+ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_clear_object (&stream);
+
+ /* At this point, there should still only be one file: `source`. It should
+ * now be a regular file. `target` should not exist. */
+ enumerator = g_file_enumerate_children (tmpdir,
+ G_FILE_ATTRIBUTE_STANDARD_NAME ","
+ G_FILE_ATTRIBUTE_STANDARD_TYPE,
+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_nonnull (info);
+
+ g_assert_cmpstr (g_file_info_get_name (info), ==, "source");
+ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR);
+
+ g_clear_object (&info);
+
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_null (info);
+
+ g_file_enumerator_close (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_clear_object (&enumerator);
+
+ /* Double-check that `target` doesn’t exist */
+ g_assert_false (g_file_query_exists (target_file, NULL));
+
+ /* Check the content of `source`. */
+ g_file_load_contents (source_file,
+ NULL,
+ &contents,
+ &length,
+ NULL,
+ &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpstr (contents, ==, new_contents);
+ g_assert_cmpuint (length, ==, strlen (new_contents));
+ g_free (contents);
+
+ /* Tidy up. */
+ g_file_delete (source_file, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_file_delete (tmpdir, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_clear_object (&target_file);
+ g_clear_object (&source_file);
+ g_clear_object (&tmpdir);
+#else /* if !G_OS_UNIX */
+ g_test_skip ("Symlink replacement tests can only be run on Unix")
+#endif
+}
+
+static void
on_file_deleted (GObject *object,
GAsyncResult *result,
gpointer user_data)
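Review bot: The `#else /* if !G_OS_UNIX */` branch of `test_replace_symlink` is missing its terminating semicolon, so the file will not compile where `G_OS_UNIX` is undefined; it should read `g_test_skip ("Symlink replacement tests can only be run on Unix");`. The test also exercises only a dangling link, since `target` never exists. A second case with a pre-existing `target`, asserting its contents are unchanged after the replace, would pin the property this fix is meant to guarantee. A case without `G_FILE_CREATE_REPLACE_DESTINATION` would cover the path that still follows the link.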
@@ -1048,7 +1154,7 @@ main (int argc, char *argv[])
{
g_test_init (&argc, &argv, NULL);
- g_test_bug_base ("http://bugzilla.gnome.org/");
+ g_test_bug_base ("");
g_test_add_func ("/file/basic", test_basic);
g_test_add_func ("/file/parent", test_parent);
@@ -1062,6 +1168,7 @@ main (int argc, char *argv[])
g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete);
g_test_add_func ("/file/replace-load", test_replace_load);
g_test_add_func ("/file/replace-cancel", test_replace_cancel);
+ g_test_add_func ("/file/replace-symlink", test_replace_symlink);
g_test_add_func ("/file/async-delete", test_async_delete);
#ifdef G_OS_UNIX
g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode);
Only in glib-2.54.3.orig/gio/tests: org.gtk.test.gschema.xml.orig