all: use nm_memdup() instead of g_memdup()

g_memdup()'s size argument is a guint. There was CVE-2021-27219 about an integer overflow, which results in a buffer overflow. In response to that, g_memdup2() was introduced in 2.68. We can't use g_memdup2(), because our currently required glib version is still 2.40. There was no bug at those two places where g_memdup() was used. It's just that g_memdup() is a code smell. Prevent any questions that a reader of the code might have regarding the correctness of g_memdup() (w.r.t. integer/buffer overflow), by not using it. Instead use our internal nm_memdup() variant, which exactly exists for this reason. See-also: https://gitlab.gnome.org/GNOME/glib/-/issues/2319
2026-06-15 17:28:27 +02:00 · 2022-10-18 20:05:11 +02:00 · 2022-10-18 20:05:11 +02:00 · 18c9ad1045
commit 18c9ad1045
parent 37582fc384
2 changed files with 2 additions and 2 deletions
--- a/src/libnm-client-impl/nm-secret-agent-old.c
+++ b/src/libnm-client-impl/nm-secret-agent-old.c
@ -818,7 +818,7 @@ nm_secret_agent_old_register_async(NMSecretAgentOld   *self,
            cancelled_id =
                g_cancellable_connect(cancellable, G_CALLBACK(_register_cancelled_cb), task, NULL);
            if (cancelled_id != 0) {
-                g_task_set_task_data(task, g_memdup(&cancelled_id, sizeof(cancelled_id)), g_free);
+                g_task_set_task_data(task, nm_memdup(&cancelled_id, sizeof(cancelled_id)), g_free);
            }
        }
    }
--- a/src/libnm-glib-aux/nm-test-utils.h
+++ b/src/libnm-glib-aux/nm-test-utils.h
@ -1939,7 +1939,7 @@ nmtst_logging_disable(gboolean always)
        return NULL;
    }

-    p = g_memdup(_nm_logging_enabled_state, sizeof(_nm_logging_enabled_state));
+    p = nm_memdup(_nm_logging_enabled_state, sizeof(_nm_logging_enabled_state));
    memset(_nm_logging_enabled_state, 0, sizeof(_nm_logging_enabled_state));
    return p;
 }