Your message dated Thu, 06 Jun 2013 01:48:18 +0000
with message-id <[email protected]>
and subject line Bug#699424: fixed in gconf 3.2.6-1
has caused the Debian Bug report #699424,
regarding libgconf-2-4: Use after free in gconf-dbus
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
699424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699424
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgconf-2-4
Version: 3.2.5-1
Severity: important
Tags: upstream fixed-upstream patch
Control: forwarded -1 https://bugzilla.gnome.org/show_bug.cgi?id=667167
Control: affects evolution
Dear Debian folks,
the upstream GConf master branch contains a fix for a use after free in
gconf-dbus [1]. This could crash Evolution/Evolution Data Server.
I am going to apply that upstream patch to the Debian package.
Thanks,
Paul
[1]
http://git.gnome.org/browse/gconf/commit/?id=84884e9df7ce8c081a1c223c66a799b82545ff1e
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libgconf-2-4 depends on:
ii gconf2-common 3.2.5-1
ii libc6 2.13-38
ii libdbus-1-3 1.6.8-1
ii libdbus-glib-1-2 0.100-1
ii libglib2.0-0 2.33.12+really2.32.4-5
ii multiarch-support 2.13-38
Versions of packages libgconf-2-4 recommends:
ii gconf-service 3.2.5-1.1
libgconf-2-4 suggests no packages.
-- no debconf information
From 84884e9df7ce8c081a1c223c66a799b82545ff1e Mon Sep 17 00:00:00 2001
From: Milan Crha <[email protected]>
Date: Thu, 18 Oct 2012 16:08:02 -0400
Subject: [PATCH] gconf-dbus: fix use after free
gconf_engine_get_fuller is accessing freed memory.
The problem is that it's referencing strings that are owned
by a D-Bus message, and they go away when the D-Bus message is freed.
This commit addresses the problem by duplicating the strings and
freeing them later.
https://bugzilla.gnome.org/show_bug.cgi?id=667167
---
gconf/gconf-dbus-utils.c | 10 +++++-----
gconf/gconf-dbus.c | 9 ++++++---
2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/gconf/gconf-dbus-utils.c b/gconf/gconf-dbus-utils.c
index 6fd5bfa..92f5980 100644
--- a/gconf/gconf-dbus-utils.c
+++ b/gconf/gconf-dbus-utils.c
@@ -569,11 +569,11 @@ gconf_dbus_utils_get_entry_values (DBusMessageIter *main_iter,
gchar **schema_name_p)
{
DBusMessageIter struct_iter;
- gchar *key;
+ const gchar *key;
GConfValue *value;
gboolean is_default;
gboolean is_writable;
- gchar *schema_name;
+ const gchar *schema_name;
g_return_val_if_fail (dbus_message_iter_get_arg_type (main_iter) == DBUS_TYPE_STRUCT,
FALSE);
@@ -587,7 +587,7 @@ gconf_dbus_utils_get_entry_values (DBusMessageIter *main_iter,
value = utils_get_value (&struct_iter);
dbus_message_iter_next (&struct_iter);
- schema_name = (gchar *) utils_get_optional_string (&struct_iter);
+ schema_name = utils_get_optional_string (&struct_iter);
dbus_message_iter_next (&struct_iter);
dbus_message_iter_get_basic (&struct_iter, &is_default);
@@ -596,7 +596,7 @@ gconf_dbus_utils_get_entry_values (DBusMessageIter *main_iter,
dbus_message_iter_get_basic (&struct_iter, &is_writable);
if (key_p)
- *key_p = key;
+ *key_p = g_strdup (key);
if (value_p)
*value_p = value;
@@ -604,7 +604,7 @@ gconf_dbus_utils_get_entry_values (DBusMessageIter *main_iter,
gconf_value_free (value);
if (schema_name_p)
- *schema_name_p = schema_name;
+ *schema_name_p = g_strdup (schema_name);
if (is_default_p)
*is_default_p = is_default;
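Review bot: The assignments `*key_p = g_strdup (key);` (previous hunk) and `*schema_name_p = g_strdup (schema_name);` (this hunk) change the outputs of gconf_dbus_utils_get_entry_values from borrowed to caller-owned strings, and nothing in the visible lines documents the new contract. Add a comment on the function stating that *key_p and *schema_name_p must be released with g_free, and audit every caller: the only callers updated in this patch are in gconf/gconf-dbus.c, so any caller elsewhere would now leak. g_strdup returns NULL for a NULL argument, so an absent optional schema name still comes back as NULL.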
diff --git a/gconf/gconf-dbus.c b/gconf/gconf-dbus.c
index f167fc5..5610fcf 100644
--- a/gconf/gconf-dbus.c
+++ b/gconf/gconf-dbus.c
@@ -1252,12 +1252,13 @@ gconf_engine_get_fuller (GConfEngine *conf,
if (schema_name && schema_name[0] != '/')
{
+ g_free (schema_name);
schema_name = NULL;
}
if (schema_name_p)
- *schema_name_p = g_strdup (schema_name);
-
+ *schema_name_p = schema_name;
+
return val;
}
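Review bot: In gconf_engine_get_fuller, schema_name is now a heap copy, but it is only handed off inside `if (schema_name_p)`; when schema_name_p is NULL the visible lines neither store nor free it. Unless code outside this hunk covers that case, add an else branch that calls g_free (schema_name) so the string always has exactly one owner.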
@@ -2402,7 +2403,7 @@ handle_notify (DBusConnection *connection,
GConfEngine *conf2)
{
GConfEngine *conf;
- gchar *key, *schema_name;
+ gchar *key = NULL, *schema_name = NULL;
gboolean is_default, is_writable;
DBusMessageIter iter;
GConfValue *value;
@@ -2466,6 +2467,8 @@ handle_notify (DBusConnection *connection,
if (value)
gconf_value_free (value);
+ g_free (key);
+ g_free (schema_name);
if (!match)
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
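Review bot: The `g_free (key);` and `g_free (schema_name);` calls sit just before the `if (!match)` return, so both exits visible here release the copies, but any return earlier in handle_notify would now leak them. The NULL initialisation added in the previous hunk makes it safe to free on every path, so consider routing all exits through one cleanup point that frees value, key and schema_name together.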
--
1.7.10.4
--- End Message ---
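An added illustration, not part of the original mail or of GConf, of the ownership bug the commit message above describes: a string pointer borrowed from a message versus a duplicated copy. Msg, msg_get_string and the get_entry_* functions are constructed stand-ins; the message storage is static and poisoned on release so the stale read is deterministic instead of undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a D-Bus message: the string lives in storage
 * owned by the message. Static storage keeps the post-release read defined. */
typedef struct { char payload[64]; } Msg;
static Msg pool;

static Msg *msg_new(const char *schema) {
    snprintf(pool.payload, sizeof pool.payload, "%s", schema);
    return &pool;
}
/* Releasing the message invalidates its strings (poisoned like a debug allocator). */
static void msg_unref(Msg *m) {
    memset(m->payload, '#', sizeof m->payload - 1);
    m->payload[sizeof m->payload - 1] = '\0';
}
/* Returns a pointer INTO the message, as D-Bus string getters do. */
static const char *msg_get_string(const Msg *m) { return m->payload; }

static char *dup_string(const char *s) {   /* g_strdup analogue, NULL-safe */
    if (!s) return NULL;
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy) memcpy(copy, s, n);
    return copy;
}
/* Pre-patch shape: the caller receives the borrowed pointer. */
static void get_entry_borrowed(Msg *m, const char **schema_p) { *schema_p = msg_get_string(m); }
/* Post-patch shape: the caller receives its own copy and must free it. */
static void get_entry_owned(Msg *m, char **schema_p) { *schema_p = dup_string(msg_get_string(m)); }

/* Returns 1 if the schema name is still intact after the message is released. */
int survives_unref(int use_owned) {
    static const char expected[] = "/schemas/apps/demo/key";  /* constructed sample */
    Msg *m = msg_new(expected);
    const char *borrowed = NULL;
    char *owned = NULL;
    if (use_owned) get_entry_owned(m, &owned); else get_entry_borrowed(m, &borrowed);
    msg_unref(m);                          /* message goes away first */
    const char *seen = use_owned ? owned : borrowed;
    int ok = seen != NULL && strcmp(seen, expected) == 0;
    free(owned);                           /* the owner releases the copy */
    return ok;
}

int main(void) {
    printf("borrowed survives: %d\n", survives_unref(0));
    printf("owned survives:    %d\n", survives_unref(1));
    return 0;
}
```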
--- Begin Message ---
Source: gconf
Source-Version: 3.2.6-1
We believe that the bug you reported is fixed in the latest version of
gconf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated gconf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 06 Jun 2013 03:29:17 +0200
Source: gconf
Binary: gconf2 gconf-service gconf2-common gconf-defaults-service libgconf-2-4
libgconf2-4 libgconf2-dev libgconf2-doc gir1.2-gconf-2.0 gconf-gsettings-backend
Architecture: source all amd64
Version: 3.2.6-1
Distribution: unstable
Urgency: low
Maintainer: Josselin Mouette <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Description:
gconf-defaults-service - GNOME configuration database system (system defaults
service)
gconf-gsettings-backend - GNOME configuration database system - GSettings
back-end
gconf-service - GNOME configuration database system (D-Bus service)
gconf2 - GNOME configuration database system (support tools)
gconf2-common - GNOME configuration database system (common files)
gir1.2-gconf-2.0 - GNOME configuration database system (GObject-Introspection)
libgconf-2-4 - GNOME configuration database system (shared libraries)
libgconf2-4 - GNOME configuration database system (dummy package)
libgconf2-dev - GNOME configuration database system (development)
libgconf2-doc - GNOME configuration database system (API reference)
Closes: 699424
Changes:
gconf (3.2.6-1) unstable; urgency=low
.
[ Martin Pitt ]
* Add a simple compile/link/run autopkgtest for libgconf2-dev. Thanks Rafał
Cieślak! (LP: #1078719)
* debian/tests/build:
- Add -Wall -Werror for being more thorough.
- Don't call deprecated g_type_init() when building with glib >= 2.35.
.
[ Michael Biebl ]
* New upstream release.
- Fixes use after free in gconf-dbus. Closes: #699424
* Remove 04_manpage.patch, merged upstream. Refresh other patches.
* Add symbols file for libgconf-2-4.
* Bump Standards-Version to 3.9.4. No further changes.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---