|
|
@@ -0,0 +1,38 @@
|
|
|
+From e64c221f9c7d09b48b610c5626b3b8c400f0907c Mon Sep 17 00:00:00 2001
|
|
|
+From: Michael Catanzaro <mcatanzaro@redhat.com>
|
|
|
+Date: Thu, 8 May 2025 09:27:01 -0500
|
|
|
+Subject: [PATCH] auth-digest: fix crash in
|
|
|
+ soup_auth_digest_get_protection_space()
|
|
|
+
|
|
|
+We need to validate the Domain parameter in the WWW-Authenticate header.
|
|
|
+
|
|
|
+Unfortunately this crash only occurs when listening on default ports 80
|
|
|
+and 443, so there's no good way to test for this. The test would require
|
|
|
+running as root.
|
|
|
+
|
|
|
+Fixes #440
|
|
|
+
|
|
|
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c]
|
|
|
+CVE: CVE-2025-4476
|
|
|
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
|
|
|
+
|
|
|
+
|
|
|
+ libsoup/auth/soup-auth-digest.c | 2 +-
|
|
|
+ 1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
+
|
|
|
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
|
|
|
+index d8bb2910..292f2045 100644
|
|
|
+--- a/libsoup/auth/soup-auth-digest.c
|
|
|
++++ b/libsoup/auth/soup-auth-digest.c
|
|
|
+@@ -220,7 +220,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, GUri *source_uri)
|
|
|
+ if (uri &&
|
|
|
+ g_strcmp0 (g_uri_get_scheme (uri), g_uri_get_scheme (source_uri)) == 0 &&
|
|
|
+ g_uri_get_port (uri) == g_uri_get_port (source_uri) &&
|
|
|
+- !strcmp (g_uri_get_host (uri), g_uri_get_host (source_uri)))
|
|
|
++ !g_strcmp0 (g_uri_get_host (uri), g_uri_get_host (source_uri)))
|
|
|
+ dir = g_strdup (g_uri_get_path (uri));
|
|
|
+ else
|
|
|
+ dir = NULL;
|
|
|
+--
|
|
|
+GitLab
|
|
|
+
|
Ashish Sharma