libsoup-2.4: Fix CVE-2025-32912

Upstream-Status: Backport from
cd077513f2
& 910ebdcd3d

(From OE-Core rev: c45c8ad64aafd1f8a447f4fce6a2e7c0f22ef5f0)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri 2025-05-21 15:23:23 +05:30 committed by Steve Sakoman
parent a0e298a849
commit a6c55c0bd7
3 changed files with 73 additions and 0 deletions

View File

@ -0,0 +1,41 @@
From cd077513f267e43ce4b659eb18a1734d8a369992 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Wed, 5 Feb 2025 14:03:05 -0600
Subject: [PATCH 1/2] auth-digest: Handle missing nonce
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992]
CVE: CVE-2025-32912
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
libsoup/soup-auth-digest.c | 2 +-
tests/auth-test.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index a1db188..f0edb81 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -156,7 +156,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
guint qop_options;
gboolean ok = TRUE;
- if (!soup_auth_get_realm (auth))
+ if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce"))
return FALSE;
g_free (priv->domain);
diff --git a/tests/auth-test.c b/tests/auth-test.c
index 6fb1e4a..343d7a5 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -1629,6 +1629,7 @@ main (int argc, char **argv)
g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
+ g_test_add_data_func ("/auth/missing-params/nonce-and-qop", "Digest realm=\"auth-test\"", do_missing_params_test);
ret = g_test_run ();
--
2.25.1

View File

@ -0,0 +1,30 @@
From 910ebdcd3dd82386717a201c13c834f3a63eed7f Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Sat, 8 Feb 2025 12:30:13 -0600
Subject: [PATCH 2/2] digest-auth: Handle NULL nonce
`contains` only handles a missing nonce, `lookup` handles both missing and empty.
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f]
CVE: CVE-2025-32912
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
libsoup/soup-auth-digest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index f0edb81..c49ffd9 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -156,7 +156,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
guint qop_options;
gboolean ok = TRUE;
- if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce"))
+ if (!soup_auth_get_realm (auth) || !g_hash_table_lookup (auth_params, "nonce"))
return FALSE;
g_free (priv->domain);
--
2.25.1

View File

@ -28,6 +28,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-32910-3.patch \
file://CVE-2025-32911_CVE-2025-32913-1.patch \
file://CVE-2025-32911_CVE-2025-32913-2.patch \
file://CVE-2025-32912-1.patch \
file://CVE-2025-32912-2.patch \
"
SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"