16accb6b24
- 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
39 lines
1.4 KiB
Diff
39 lines
1.4 KiB
Diff
From e64c221f9c7d09b48b610c5626b3b8c400f0907c Mon Sep 17 00:00:00 2001
|
|
From: Michael Catanzaro <mcatanzaro@redhat.com>
|
|
Date: Thu, 8 May 2025 09:27:01 -0500
|
|
Subject: [PATCH] auth-digest: fix crash in
|
|
soup_auth_digest_get_protection_space()
|
|
|
|
We need to validate the Domain parameter in the WWW-Authenticate header.
|
|
|
|
Unfortunately this crash only occurs when listening on default ports 80
|
|
and 443, so there's no good way to test for this. The test would require
|
|
running as root.
|
|
|
|
Fixes #440
|
|
|
|
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c]
|
|
CVE: CVE-2025-4476
|
|
Signed-off-by: Ashish Sharma <asharma@mvista.com>
|
|
|
|
|
|
libsoup/auth/soup-auth-digest.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
|
|
index d8bb2910..292f2045 100644
|
|
--- a/libsoup/auth/soup-auth-digest.c
|
|
+++ b/libsoup/auth/soup-auth-digest.c
|
|
@@ -220,7 +220,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, GUri *source_uri)
|
|
if (uri &&
|
|
g_strcmp0 (g_uri_get_scheme (uri), g_uri_get_scheme (source_uri)) == 0 &&
|
|
g_uri_get_port (uri) == g_uri_get_port (source_uri) &&
|
|
- !strcmp (g_uri_get_host (uri), g_uri_get_host (source_uri)))
|
|
+ !g_strcmp0 (g_uri_get_host (uri), g_uri_get_host (source_uri)))
|
|
dir = g_strdup (g_uri_get_path (uri));
|
|
else
|
|
dir = NULL;
|
|
--
|
|
GitLab
|
|
|