packages/file
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!1 bugs fix

Browse Source 
Merge pull request !1 from openeuler-storage/open
This commit is contained in:
openeuler-ci-bot 2019-12-25 17:10:40 +08:00 committed by Gitee
commit eeaf78c8f0
4 changed files with 179 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
6003-CVE-2019-18218.patch Normal file
View File

@ -0,0 +1,43 @@
From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Mon, 26 Aug 2019 14:31:39 +0000
Subject: Limit the number of elements in a vector (found by oss-fuzz)
diff --git a/src/cdf.c b/src/cdf.c
index 9d639674..bb81d637 100644
--- a/src/cdf.c
+++ b/src/cdf.c
@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
}
nelements = CDF_GETUINT32(q, 1);
- if (nelements == 0) {
- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
+ DPRINTF(("CDF_VECTOR with nelements == %"
+ SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
inp += nelem;
}
- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
- nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{
diff --git a/src/cdf.h b/src/cdf.h
index 2f7e554b..05056668 100644
--- a/src/cdf.h
+++ b/src/cdf.h
@@ -48,6 +48,7 @@
typedef int32_t cdf_secid_t;
#define CDF_LOOP_LIMIT 10000
+#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1

70
6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch Normal file
View File

@ -0,0 +1,70 @@
From 5b86746e1afe155baff70828ac902041ef5c19eb Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Wed, 27 Feb 2019 16:52:23 +0000
Subject: [PATCH] Use memmem to speed up searches if available (Michael
Schroeder)
---
configure.ac | 2 +-
src/softmagic.c | 25 ++++++++++++++++++++++++-
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index ec296aa4..402f75dd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -151,7 +151,7 @@ else
fi])
dnl Checks for functions
-AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale)
+AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale memmem)
dnl Provide implementation of some required functions if necessary
AC_REPLACE_FUNCS(getopt_long asprintf vasprintf strlcpy strlcat getline ctime_r asctime_r localtime_r gmtime_r pread strcasestr fmtcheck dprintf)
diff --git a/src/softmagic.c b/src/softmagic.c
index cfc17812..9999ef6f 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.262 2018/06/22 20:39:50 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.279 2019/02/27 16:52:23 christos Exp $")
#endif /* lint */
#include "magic.h"
@@ -2063,6 +2063,29 @@ magiccheck(struct magic_set *ms, struct magic *m)
slen = MIN(m->vallen, sizeof(m->value.s));
l = 0;
v = 0;
+#ifdef HAVE_MEMMEM
+ if (slen > 0 && m->str_flags == 0) {
+ const char *found;
+ if (m->str_range != 0
+ && ms->search.s_len >= m->str_range + slen) {
+ found = memmem(ms->search.s,
+ m->str_range + slen, m->value.s, slen);
+ } else {
+ found = memmem(ms->search.s,
+ ms->search.s_len, m->value.s, slen);
+ if (!found)
+ return 0;
+ }
+ if (!found) {
+ v = 1;
+ } else {
+ idx = found - ms->search.s;
+ ms->search.offset += idx;
+ ms->search.rm_len = ms->search.s_len - idx;
+ }
+ break;
+ }
+#endif
for (idx = 0; m->str_range == 0 || idx < m->str_range; idx++) {
if (slen + idx > ms->search.s_len)
--
2.19.1

58
6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch Normal file
View File

@ -0,0 +1,58 @@
From dcda2612a5f38a3d9e15c0ac9a7d156d74b3a395 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Thu, 28 Feb 2019 12:52:56 +0000
Subject: [PATCH] Simplify and always return if not found (found by OSS-fuzz)
---
src/softmagic.c | 28 ++++++++++------------------
1 file changed, 10 insertions(+), 18 deletions(-)
diff --git a/src/softmagic.c b/src/softmagic.c
index 9999ef6f..2befe35f 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.279 2019/02/27 16:52:23 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.280 2019/02/28 12:52:56 christos Exp $")
#endif /* lint */
#include "magic.h"
@@ -2066,23 +2066,15 @@ magiccheck(struct magic_set *ms, struct magic *m)
#ifdef HAVE_MEMMEM
if (slen > 0 && m->str_flags == 0) {
const char *found;
- if (m->str_range != 0
- && ms->search.s_len >= m->str_range + slen) {
- found = memmem(ms->search.s,
- m->str_range + slen, m->value.s, slen);
- } else {
- found = memmem(ms->search.s,
- ms->search.s_len, m->value.s, slen);
- if (!found)
- return 0;
- }
- if (!found) {
- v = 1;
- } else {
- idx = found - ms->search.s;
- ms->search.offset += idx;
- ms->search.rm_len = ms->search.s_len - idx;
- }
+ idx = m->str_range + slen;
+ if (m->str_range == 0 || ms->search.s_len < idx)
+ idx = ms->search.s_len;
+ found = memmem(ms->search.s, idx, m->value.s, slen);
+ if (!found)
+ return 0;
+ idx = found - ms->search.s;
+ ms->search.offset += idx;
+ ms->search.rm_len = ms->search.s_len - idx;
break;
}
#endif
--
2.19.1

9
file.spec
View File

@ -1,6 +1,6 @@
Name: file Name: file
Version: 5.34 Version: 5.34
Release: 6 Release: 7
Summary: A tool to identify the type of a particular file type Summary: A tool to identify the type of a particular file type
License: BSD License: BSD
URL: http://www.darwinsys.com/file/ URL: http://www.darwinsys.com/file/
@ -17,6 +17,10 @@ Patch6002: 6002-Fix-indirect-offset-overflow-calculation-B.-Watson.patch
Patch3: 0003-file-5.34-readelf.patch Patch3: 0003-file-5.34-readelf.patch
Patch6003: 6003-CVE-2019-18218.patch
Patch6004: 6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch
Patch6005: 6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
BuildRequires: autoconf automake libtool git zlib-devel BuildRequires: autoconf automake libtool git zlib-devel
@ -157,6 +161,9 @@ cd %{py3dir}
%{python3_sitelib}/__pycache__/* %{python3_sitelib}/__pycache__/*
%changelog %changelog
* Tue Dec 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 5.34-7
- some bugs fix
* Wed Sep 11 2019 huangzheng <huangzheng22@huawei.com> - 5.34-6 * Wed Sep 11 2019 huangzheng <huangzheng22@huawei.com> - 5.34-6
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA