packages/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!2 Add CVE patches

Browse Source 
Merge pull request !2 from 通行百万/local
This commit is contained in:
openeuler-ci-bot 2020-03-11 18:59:11 +08:00 committed by Gitee
commit e16270f20e
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
backport-CVE-2018-10772.patch Normal file
View File

@ -0,0 +1,59 @@
From b5d2e4feea9c942bf4951f573410845dc5d81747 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kev@semmle.com>
Date: Wed, 19 Feb 2020 15:55:54 +0800
Subject: [PATCH] Add better bounds checking in PngImage::printStructure().
---
src/pngimage.cpp | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/pngimage.cpp b/src/pngimage.cpp
index 991da6c..516dcc2 100644
--- a/src/pngimage.cpp
+++ b/src/pngimage.cpp
@@ -241,7 +241,7 @@ namespace Exiv2 {
if (bufRead != cheaderBuf.size_) throw Error(20);
// Decode chunk data length.
- uint32_t dataOffset = Exiv2::getULong(cheaderBuf.pData_, Exiv2::bigEndian);
+ const uint32_t dataOffset = Exiv2::getULong(cheaderBuf.pData_, Exiv2::bigEndian);
for (int i = 4; i < 8; i++) {
chType[i-4]=cheaderBuf.pData_[i];
}
@@ -256,7 +256,8 @@ namespace Exiv2 {
}
DataBuf buff(dataOffset);
- io_->read(buff.pData_,dataOffset);
+ bufRead = io_->read(buff.pData_,dataOffset);
+ if (bufRead != static_cast<long>(dataOffset)) throw Exiv2::Error(14);
io_->seek(restore, BasicIo::beg);
// format output
@@ -269,7 +270,8 @@ namespace Exiv2 {
if ( bPrint ) {
io_->seek(dataOffset, BasicIo::cur);// jump to checksum
byte checksum[4];
- io_->read(checksum,4);
+ bufRead = io_->read(checksum,4);
+ if (bufRead != 4) throw Exiv2::Error(14);
io_->seek(restore, BasicIo::beg) ;// restore file pointer
out << Internal::stringFormat("%8d | %-5s |%8d | "
@@ -300,9 +302,12 @@ namespace Exiv2 {
DataBuf dataBuf;
byte* data = new byte[dataOffset+1];
data[dataOffset] = 0;
- io_->read(data,dataOffset);
+ bufRead = io_->read(data,dataOffset);
+ if (bufRead != static_cast<long>(dataOffset)) throw Exiv2::Error(14);
io_->seek(restore, BasicIo::beg);
uint32_t name_l = (uint32_t) std::strlen((const char*)data)+1; // leading string length
+ if (name_l > dataOffset) throw Exiv2::Error(58);
+
uint32_t start = name_l;
bool bLF = false;
--
2.19.1

9
exiv2.spec
View File

@ -1,6 +1,6 @@
Name: exiv2 Name: exiv2
Version: 0.26 Version: 0.26
Release: 16 Release: 17
Summary: Exif, IPTC and XMP metadata and the ICC Profile Summary: Exif, IPTC and XMP metadata and the ICC Profile
License: GPLv2+ License: GPLv2+
URL: http://www.exiv2.org/ URL: http://www.exiv2.org/
@ -52,6 +52,7 @@ Patch6019: CVE-2018-16336.patch
Patch6020: CVE-2018-17581.patch Patch6020: CVE-2018-17581.patch
Patch6021: CVE-2019-13110-Avoid-integer-overflow.patch Patch6021: CVE-2019-13110-Avoid-integer-overflow.patch
Patch6022: CVE-2018-4868.patch Patch6022: CVE-2018-4868.patch
Patch6023: backport-CVE-2018-10772.patch
Provides: exiv2-libs Provides: exiv2-libs
Obsoletes: exiv2-libs Obsoletes: exiv2-libs
@ -115,6 +116,12 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
%{_datadir}/doc/html/ %{_datadir}/doc/html/
%changelog %changelog
* Wed Mar 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.26-17
- Type:cves
- ID:NA
- SUG:NA
- DESC:Add CVE patches
* Tue Dec 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.26-16 * Tue Dec 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.26-16
- change the path of files - change the path of files