diff --git a/6003-CVE-2019-18218.patch b/6003-CVE-2019-18218.patch
new file mode 100644
index 0000000..bf23312
--- /dev/null
+++ b/6003-CVE-2019-18218.patch
@@ -0,0 +1,43 @@
+From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Mon, 26 Aug 2019 14:31:39 +0000
+Subject: Limit the number of elements in a vector (found by oss-fuzz)
+
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 9d639674..bb81d637 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ goto out;
+ }
+ nelements = CDF_GETUINT32(q, 1);
+- if (nelements == 0) {
+- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++ DPRINTF(("CDF_VECTOR with nelements == %"
++ SIZE_T_FORMAT "u\n", nelements));
+ goto out;
+ }
+ slen = 2;
+@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ goto out;
+ inp += nelem;
+ }
+- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+- nelements));
+ for (j = 0; j < nelements && i < sh.sh_properties;
+ j++, i++)
+ {
+diff --git a/src/cdf.h b/src/cdf.h
+index 2f7e554b..05056668 100644
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+
+ #define CDF_LOOP_LIMIT 10000
++#define CDF_ELEMENT_LIMIT 100000
+
+ #define CDF_SECID_NULL 0
+ #define CDF_SECID_FREE -1
diff --git a/6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch b/6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch
new file mode 100644
index 0000000..066e051
--- /dev/null
+++ b/6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch
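Review bot: `CDF_ELEMENT_LIMIT` in the src/cdf.h part of 6003-CVE-2019-18218.patch is defined without a comment, so nothing records what the 100000 bound protects or why that value was chosen. `nelements` is read from the file being parsed (`CDF_GETUINT32(q, 1)`) and then drives the `for (j = 0; j < nelements && ...)` loop visible in the second cdf.c hunk, so the define deserves a line such as `/* max CDF_VECTOR element count accepted from an untrusted file (CVE-2019-18218) */`. The combined check also logs a zero count and an over-limit count with the same debug message. cdf_read_property_info starts and ends outside these hunks, so whether other counts in the function need the same bound cannot be judged from here.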
@@ -0,0 +1,70 @@
+From 5b86746e1afe155baff70828ac902041ef5c19eb Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Wed, 27 Feb 2019 16:52:23 +0000
+Subject: [PATCH] Use memmem to speed up searches if available (Michael
+ Schroeder)
+
+---
+ configure.ac | 2 +-
+ src/softmagic.c | 25 ++++++++++++++++++++++++-
+ 2 files changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index ec296aa4..402f75dd 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -151,7 +151,7 @@ else
+ fi])
+
+ dnl Checks for functions
+-AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale)
++AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale memmem)
+
+ dnl Provide implementation of some required functions if necessary
+ AC_REPLACE_FUNCS(getopt_long asprintf vasprintf strlcpy strlcat getline ctime_r asctime_r localtime_r gmtime_r pread strcasestr fmtcheck dprintf)
+diff --git a/src/softmagic.c b/src/softmagic.c
+index cfc17812..9999ef6f 100644
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -32,7 +32,7 @@
+ #include "file.h"
+
+ #ifndef lint
+-FILE_RCSID("@(#)$File: softmagic.c,v 1.262 2018/06/22 20:39:50 christos Exp $")
++FILE_RCSID("@(#)$File: softmagic.c,v 1.279 2019/02/27 16:52:23 christos Exp $")
+ #endif /* lint */
+
+ #include "magic.h"
+@@ -2063,6 +2063,29 @@ magiccheck(struct magic_set *ms, struct magic *m)
+ slen = MIN(m->vallen, sizeof(m->value.s));
+ l = 0;
+ v = 0;
++#ifdef HAVE_MEMMEM
++ if (slen > 0 && m->str_flags == 0) {
++ const char *found;
++ if (m->str_range != 0
++ && ms->search.s_len >= m->str_range + slen) {
++ found = memmem(ms->search.s,
++ m->str_range + slen, m->value.s, slen);
++ } else {
++ found = memmem(ms->search.s,
++ ms->search.s_len, m->value.s, slen);
++ if (!found)
++ return 0;
++ }
++ if (!found) {
++ v = 1;
++ } else {
++ idx = found - ms->search.s;
++ ms->search.offset += idx;
++ ms->search.rm_len = ms->search.s_len - idx;
++ }
++ break;
++ }
++#endif
+
+ for (idx = 0; m->str_range == 0 || idx < m->str_range; idx++) {
+ if (slen + idx > ms->search.s_len)
+--
+2.19.1
+
diff --git a/6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch b/6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch
new file mode 100644
index 0000000..2dc7fc8
--- /dev/null
+++ b/6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch
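Review bot: The `#ifdef HAVE_MEMMEM` block that 6004 adds to magiccheck relies on `AC_CHECK_FUNCS(... memmem)`, which only proves that the symbol links; nothing in the hunk shows that a prototype is in scope. On glibc memmem is declared only under `_GNU_SOURCE`; if config.h does not provide that, the call is implicitly declared as returning int and the pointer stored in `found` can be truncated on 64-bit builds. It is worth confirming that configure.ac calls `AC_USE_SYSTEM_EXTENSIONS` (not visible here), or adding `AC_CHECK_DECLS([memmem])` and guarding on the declaration as well. This version of the block is rewritten by 6005, so the two patches should only ever be applied together. magiccheck's body continues outside the hunk.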
@@ -0,0 +1,58 @@
+From dcda2612a5f38a3d9e15c0ac9a7d156d74b3a395 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Thu, 28 Feb 2019 12:52:56 +0000
+Subject: [PATCH] Simplify and always return if not found (found by OSS-fuzz)
+
+---
+ src/softmagic.c | 28 ++++++++++------------------
+ 1 file changed, 10 insertions(+), 18 deletions(-)
+
+diff --git a/src/softmagic.c b/src/softmagic.c
+index 9999ef6f..2befe35f 100644
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -32,7 +32,7 @@
+ #include "file.h"
+
+ #ifndef lint
+-FILE_RCSID("@(#)$File: softmagic.c,v 1.279 2019/02/27 16:52:23 christos Exp $")
++FILE_RCSID("@(#)$File: softmagic.c,v 1.280 2019/02/28 12:52:56 christos Exp $")
+ #endif /* lint */
+
+ #include "magic.h"
+@@ -2066,23 +2066,15 @@ magiccheck(struct magic_set *ms, struct magic *m)
+ #ifdef HAVE_MEMMEM
+ if (slen > 0 && m->str_flags == 0) {
+ const char *found;
+- if (m->str_range != 0
+- && ms->search.s_len >= m->str_range + slen) {
+- found = memmem(ms->search.s,
+- m->str_range + slen, m->value.s, slen);
+- } else {
+- found = memmem(ms->search.s,
+- ms->search.s_len, m->value.s, slen);
+- if (!found)
+- return 0;
+- }
+- if (!found) {
+- v = 1;
+- } else {
+- idx = found - ms->search.s;
+- ms->search.offset += idx;
+- ms->search.rm_len = ms->search.s_len - idx;
+- }
++ idx = m->str_range + slen;
++ if (m->str_range == 0 || ms->search.s_len < idx)
++ idx = ms->search.s_len;
++ found = memmem(ms->search.s, idx, m->value.s, slen);
++ if (!found)
++ return 0;
++ idx = found - ms->search.s;
++ ms->search.offset += idx;
++ ms->search.rm_len = ms->search.s_len - idx;
+ break;
+ }
+ #endif
+--
+2.19.1
+
diff --git a/file.spec b/file.spec
index 74365e8..ef48540 100644
--- a/file.spec
+++ b/file.spec
@@ -1,6 +1,6 @@
 Name: file
 Version: 5.34
-Release: 6
+Release: 7
 Summary: A tool to identify the type of a particular file type
 License: BSD
 URL: http://www.darwinsys.com/file/
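Review bot: `idx` carries two different meanings in the rewritten `HAVE_MEMMEM` block of 6005: first the haystack length handed to memmem, then the offset of the match. The clamp `if (m->str_range == 0 || ms->search.s_len < idx) idx = ms->search.s_len;` is what keeps the search inside the `ms->search.s_len` bytes of the buffer, so it should carry a comment such as `/* never search past s_len, whatever str_range says */`, or the length should get its own local. The new `return 0` on a miss also leaves magiccheck directly instead of reaching the `break`; the code that follows is outside the hunk, so confirm that nothing there needs to run for a failed search.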
@@ -17,6 +17,10 @@ Patch6002: 6002-Fix-indirect-offset-overflow-calculation-B.-Watson.patch Patch3: 0003-file-5.34-readelf.patch +Patch6003: 6003-CVE-2019-18218.patch +Patch6004: 6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch +Patch6005: 6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch + Requires: %{name}-libs = %{version}-%{release} BuildRequires: autoconf automake libtool git zlib-devel @@ -157,6 +161,9 @@ cd %{py3dir} %{python3_sitelib}/__pycache__/* %changelog +* Tue Dec 24 2019 openEuler Buildteam - 5.34-7 +- some bugs fix + * Wed Sep 11 2019 huangzheng - 5.34-6 - Type:enhancement - ID:NA