Fix CVE-2022-20698

2022-01-24 11:36:40 +08:00 · 2022-01-24 11:36:40 +08:00 · d450a0f634
commit d450a0f634
parent 253128b25c
2 changed files with 36 additions and 1 deletions
--- a/CVE-2022-20698.patch
+++ b/CVE-2022-20698.patch
@ -0,0 +1,31 @@
+From 9a6bb57f89721db637f4ddb5b233c1c4e23d223a Mon Sep 17 00:00:00 2001
+From: Micah Snyder <micasnyd@cisco.com>
+Date: Wed, 15 Sep 2021 15:51:53 -0700
+Subject: [PATCH] OOXML: Fix invalid pointer dereference
+
+The OOXML parser in libclamav may try to extract an entry that is
+missing a file name. This results in an invalid 0x1 pointer dereference
+in the ZIP parser that is likely to crash the scanning application.
+
+This commit fixes the issue by requiring both the PartName (PN) *and*
+the ContentType (CT) variables to be non-NULL or else the entry will be
+skipped.
+
+Thank you Laurent Delosieres for reporting this issue.
+---
+ libclamav/ooxml.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libclamav/ooxml.c b/libclamav/ooxml.c
+index 16c436f1a5..644779432c 100644
+--- a/libclamav/ooxml.c
+++ b/libclamav/ooxml.c
+@@ -245,7 +245,7 @@ static cl_error_t ooxml_content_cb(int fd, const char *filepath, cli_ctx *ctx, c
+             cli_dbgmsg("%s: %s\n", localname, value);
+         }
+ 
+-        if (!CT && !PN) continue;
+        if (!CT || !PN) continue;
+ 
+         if (!xmlStrcmp(CT, (const xmlChar *)"application/vnd.openxmlformats-package.core-properties+xml")) {
+             /* default: /docProps/core.xml*/
--- a/clamav.spec
+++ b/clamav.spec
@ -1,7 +1,7 @@
 Name:           clamav
 Summary:        End-user tools for the Clam Antivirus scanner
 Version:        0.103.2
-Release:        3
+Release:        4

 License:        GPLv2 and Public Domain and bzip2-1.0.6 and Zlib and Apache-2.0
 URL:            https://www.clamav.net/
@ -30,6 +30,7 @@ Patch0006:      clamav-freshclam.service.patch
 Patch0007:      clamav-type-conversion.patch
 Patch0008:      clamav-return-val-process.patch
 Patch0009:      clamav-clamonacc-version-return.patch
+Patch0010:      CVE-2022-20698.patch

 BuildRequires:  autoconf automake gettext-devel libtool libtool-ltdl-devel
 BuildRequires:  gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel
@ -414,6 +415,9 @@ test -e %_var/log/clamav-milter.log || {


 %changelog
+* Mon Jan 24 2022 wangkai <wangkai385@huawei.com> - 0.103.2-4
+- Fix CVE-2022-20698
+
 * Mon Aug 9 2021 caodongxia <caodongxia@huawei.com> - 0.103.2-3
 - fix clamonacc --version and --writer return value