packages/file
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!4 reupload patches

Browse Source 
Merge pull request !4 from openeuler-storage/new
This commit is contained in:
openeuler-ci-bot 2019-12-26 10:38:55 +08:00 committed by Gitee
commit 357c79b74a
4 changed files with 101 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
6003-CVE-2019-18218.patch
View File

@ -9,35 +9,36 @@ index 9d639674..bb81d637 100644
--- a/src/cdf.c
+++ b/src/cdf.c
@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
}
nelements = CDF_GETUINT32(q, 1);
- if (nelements == 0) {
- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
+ DPRINTF(("CDF_VECTOR with nelements == %"
+ SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
goto out;
}
nelements = CDF_GETUINT32(q, 1);
- if (nelements == 0) {
- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
+ DPRINTF(("CDF_VECTOR with nelements == %"
+ SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
inp += nelem;
}
- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
- nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{
goto out;
inp += nelem;
}
- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
- nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{
diff --git a/src/cdf.h b/src/cdf.h
index 2f7e554b..05056668 100644
--- a/src/cdf.h
+++ b/src/cdf.h
@@ -48,6 +48,7 @@
typedef int32_t cdf_secid_t;
#define CDF_LOOP_LIMIT 10000
+#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1
#define CDF_LOOP_LIMIT 10000
+#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1

68
6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch
View File

@ -15,11 +15,11 @@ index ec296aa4..402f75dd 100644
+++ b/configure.ac
@@ -151,7 +151,7 @@ else
fi])
dnl Checks for functions
-AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale)
+AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale memmem)
dnl Provide implementation of some required functions if necessary
AC_REPLACE_FUNCS(getopt_long asprintf vasprintf strlcpy strlcat getline ctime_r asctime_r localtime_r gmtime_r pread strcasestr fmtcheck dprintf)
diff --git a/src/softmagic.c b/src/softmagic.c
@ -28,43 +28,43 @@ index cfc17812..9999ef6f 100644
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
#include "file.h"
#ifndef lint
#ifndef lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.262 2018/06/22 20:39:50 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.279 2019/02/27 16:52:23 christos Exp $")
#endif /* lint */
#endif /* lint */
#include "magic.h"
@@ -2063,6 +2063,29 @@ magiccheck(struct magic_set *ms, struct magic *m)
slen = MIN(m->vallen, sizeof(m->value.s));
l = 0;
v = 0;
slen = MIN(m->vallen, sizeof(m->value.s));
l = 0;
v = 0;
+#ifdef HAVE_MEMMEM
+ if (slen > 0 && m->str_flags == 0) {
+ const char *found;
+ if (m->str_range != 0
+ && ms->search.s_len >= m->str_range + slen) {
+ found = memmem(ms->search.s,
+ m->str_range + slen, m->value.s, slen);
+ } else {
+ found = memmem(ms->search.s,
+ ms->search.s_len, m->value.s, slen);
+ if (!found)
+ return 0;
+ }
+ if (!found) {
+ v = 1;
+ } else {
+ idx = found - ms->search.s;
+ ms->search.offset += idx;
+ ms->search.rm_len = ms->search.s_len - idx;
+ }
+ break;
+ }
+ if (slen > 0 && m->str_flags == 0) {
+ const char *found;
+ if (m->str_range != 0
+ && ms->search.s_len >= m->str_range + slen) {
+ found = memmem(ms->search.s,
+ m->str_range + slen, m->value.s, slen);
+ } else {
+ found = memmem(ms->search.s,
+ ms->search.s_len, m->value.s, slen);
+ if (!found)
+ return 0;
+ }
+ if (!found) {
+ v = 1;
+ } else {
+ idx = found - ms->search.s;
+ ms->search.offset += idx;
+ ms->search.rm_len = ms->search.s_len - idx;
+ }
+ break;
+ }
+#endif
for (idx = 0; m->str_range == 0 || idx < m->str_range; idx++) {
if (slen + idx > ms->search.s_len)
--
for (idx = 0; m->str_range == 0 || idx < m->str_range; idx++) {
if (slen + idx > ms->search.s_len)
--
2.19.1

70
6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch
View File

@ -13,46 +13,46 @@ index 9999ef6f..2befe35f 100644
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
#include "file.h"
#ifndef lint
#ifndef lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.279 2019/02/27 16:52:23 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.280 2019/02/28 12:52:56 christos Exp $")
#endif /* lint */
#endif /* lint */
#include "magic.h"
@@ -2066,23 +2066,15 @@ magiccheck(struct magic_set *ms, struct magic *m)
#ifdef HAVE_MEMMEM
if (slen > 0 && m->str_flags == 0) {
const char *found;
- if (m->str_range != 0
- && ms->search.s_len >= m->str_range + slen) {
- found = memmem(ms->search.s,
- m->str_range + slen, m->value.s, slen);
- } else {
- found = memmem(ms->search.s,
- ms->search.s_len, m->value.s, slen);
- if (!found)
- return 0;
- }
- if (!found) {
- v = 1;
- } else {
- idx = found - ms->search.s;
- ms->search.offset += idx;
- ms->search.rm_len = ms->search.s_len - idx;
- }
+ idx = m->str_range + slen;
+ if (m->str_range == 0 || ms->search.s_len < idx)
+ idx = ms->search.s_len;
+ found = memmem(ms->search.s, idx, m->value.s, slen);
+ if (!found)
+ return 0;
+ idx = found - ms->search.s;
+ ms->search.offset += idx;
+ ms->search.rm_len = ms->search.s_len - idx;
break;
}
if (slen > 0 && m->str_flags == 0) {
const char *found;
- if (m->str_range != 0
- && ms->search.s_len >= m->str_range + slen) {
- found = memmem(ms->search.s,
- m->str_range + slen, m->value.s, slen);
- } else {
- found = memmem(ms->search.s,
- ms->search.s_len, m->value.s, slen);
- if (!found)
- return 0;
- }
- if (!found) {
- v = 1;
- } else {
- idx = found - ms->search.s;
- ms->search.offset += idx;
- ms->search.rm_len = ms->search.s_len - idx;
- }
+ idx = m->str_range + slen;
+ if (m->str_range == 0 || ms->search.s_len < idx)
+ idx = ms->search.s_len;
+ found = memmem(ms->search.s, idx, m->value.s, slen);
+ if (!found)
+ return 0;
+ idx = found - ms->search.s;
+ ms->search.offset += idx;
+ ms->search.rm_len = ms->search.s_len - idx;
break;
}
#endif
--
--
2.19.1

11
file.spec
View File

@ -1,6 +1,6 @@
Name: file
Version: 5.34
Release: 8
Release: 9
Summary: A tool to identify the type of a particular file type
License: BSD
URL: http://www.darwinsys.com/file/
@ -17,9 +17,9 @@ Patch6002: 6002-Fix-indirect-offset-overflow-calculation-B.-Watson.patch
Patch3: 0003-file-5.34-readelf.patch
#Patch6003: 6003-CVE-2019-18218.patch
#Patch6004: 6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch
#Patch6005: 6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch
Patch6003: 6003-CVE-2019-18218.patch
Patch6004: 6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch
Patch6005: 6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch
Requires: %{name}-libs = %{version}-%{release}
BuildRequires: autoconf automake libtool git zlib-devel
@ -161,6 +161,9 @@ cd %{py3dir}
%{python3_sitelib}/__pycache__/*
%changelog
* Thu Dec 26 2019 openEuler Buildteam <buildteam@openeuler.org> - 5.34-9
- reupload patches
* Wed Dec 25 2019 openEuler Buildteam <buildteam@openeuler.org> - 5.34-8
- revert patches