add patch for CVE-2018-20337

2020-07-13 11:24:45 +08:00 · 2020-07-13 11:24:45 +08:00 · 25a31e52d0
commit 25a31e52d0
parent 71fc1c96b2
2 changed files with 25 additions and 0 deletions
--- a/CVE-2018-20337.patch
+++ b/CVE-2018-20337.patch
@ -0,0 +1,21 @@
+From fbf60377c006eaea8d3eca3f5e4c654909dcdfd2 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Wed, 19 Dec 2018 11:15:08 +0300
+Subject: [PATCH] possible buffer overrun in Fuji makernotes parser
+
+---
+ internal/dcraw_common.cpp | 2 +-
+
+diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
+index 936aebf9..a0cd7226 100644
+--- a/internal/dcraw_common.cpp
+++ b/internal/dcraw_common.cpp
+@@ -10345,7 +10345,7 @@ void CLASS parse_makernote(int base, int uptag)
+             else
+               year += 1900;
+ 
+-            ynum_len = (int)strnlen(words[i], sizeof(imgdata.shootinginfo.InternalBodySerial) - 1) - 18;
+            ynum_len = MIN((sizeof(ynum)-1), (int)strnlen(words[i], sizeof(imgdata.shootinginfo.InternalBodySerial) - 1) - 18);
+             strncpy(ynum, words[i], ynum_len);
+             ynum[ynum_len] = 0;
+             for (int j = 0; ynum[j] && ynum[j + 1] && sscanf(ynum + j, "%2x", &c); j += 2)
--- a/LibRaw.spec
+++ b/LibRaw.spec
@ -7,6 +7,7 @@ URL:           http://www.libraw.org
 Source0:       http://www.libraw.org/data/%{name}-%{version}.tar.gz
 Patch0002:     LibRaw-0.17.1-CVE-2015-8366-8367.patch
 Patch6000:     LibRaw-0.19.2-CVE-2018-5817,5818,5819.patch
+Patch6001:     CVE-2018-20337.patch 

 BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg)
 Provides:      bundled(dcraw) = 9.25
@ -66,6 +67,9 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o
 %exclude %{_docdir}/libraw/*

 %changelog
+* Mon Jul 13 2020 wangyue <wangyue92@huawei.com> - 0.19.0-9
+- Fix CVE-2018-20337.
+ 
 * Mon Mar 09 2020 songnannan <songnannan2@huaiwe.com> - 0.19.0-8
 - disable the jasper