[glib/glib-2-66: 10/12] gtlspassword: Forbid very long TLS passwords

[Philip Withnall <pwithnall src gnome org>]

commit 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4
Author: Philip Withnall <pwithnall endlessos org>
Date:   Thu Feb 4 14:07:39 2021 +0000

    gtlspassword: Forbid very long TLS passwords
    
    The public API `g_tls_password_set_value_full()` (and the vfunc it
    invokes) can only accept a `gssize` length. Ensure that nul-terminated
    strings passed to `g_tls_password_set_value()` can’t exceed that length.
    Use `g_memdup2()` to avoid an overflow if they’re longer than
    `G_MAXUINT` similarly.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>
    Helps: #2319

 gio/gtlspassword.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
---
diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
index 1e437a7b6..dbcec41a8 100644
--- a/gio/gtlspassword.c
+++ b/gio/gtlspassword.c
@@ -23,6 +23,7 @@
 #include "glibintl.h"
 
 #include "gioenumtypes.h"
+#include "gstrfuncsprivate.h"
 #include "gtlspassword.h"
 
 #include <string.h>
@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword  *password,
   g_return_if_fail (G_IS_TLS_PASSWORD (password));
 
   if (length < 0)
-    length = strlen ((gchar *)value);
+    {
+      /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */
+      gsize length_unsigned = strlen ((gchar *) value);
+      g_return_if_fail (length_unsigned > G_MAXSSIZE);
+      length = (gssize) length_unsigned;
+    }
 
-  g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
+  g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
 }
 
 /**