packages/hdf5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
hdf5/CVE-2018-17234.patch

85 lines
2.9 KiB
Diff
Raw Normal View History

fix cves
2020-11-09 16:54:10 +08:00
From f4138013dbc6851e968ea3d37b32776538ef306b Mon Sep 17 00:00:00 2001
From: Binh-Minh Ribler <bmribler@hdfgroup.org>
Date: Tue, 15 Jan 2019 13:07:22 -0600
Subject: [PATCH] Fixed HDFFV-10578
Description:
- HDFFV-10578 - CVE-2018-17234 Memory leak in H5O__chunk_deserialize()
Actually, the leak was in h5tools_util. Applied Neil's fix.
- Changed an assert to if/HGOTO_ERROR to fail gracefully.
Platforms tested:
Linux/64 (jelly)
Linux/64 (platypus)
Darwin (osx1010test)
---
src/H5Ocache.c | 3 ++-
src/H5VM.c | 2 +-
tools/lib/h5tools_utils.c | 17 ++++++++++++++++-
3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/H5Ocache.c b/src/H5Ocache.c
index ebae3f5..454b287 100644
--- a/src/H5Ocache.c
+++ b/src/H5Ocache.c
@@ -1116,7 +1116,8 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image,
/* Message size */
UINT16DECODE(p, mesg_size);
- HDassert(mesg_size == H5O_ALIGN_OH(oh, mesg_size));
+ if(mesg_size != H5O_ALIGN_OH(oh, mesg_size))
+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message not aligned")
/* Message flags */
flags = *p++;
diff --git a/src/H5VM.c b/src/H5VM.c
index 4e48001..db6362c 100644
--- a/src/H5VM.c
+++ b/src/H5VM.c
@@ -1503,7 +1503,7 @@ done:
*
* Purpose: Given source and destination buffers in memory (SRC & DST)
* copy sequences of from the source buffer into the destination
- * buffer. Each set of sequnces has an array of lengths, an
+ * buffer. Each set of sequences has an array of lengths, an
* array of offsets, the maximum number of sequences and the
* current sequence to start at in the sequence.
*
diff --git a/tools/lib/h5tools_utils.c b/tools/lib/h5tools_utils.c
index 3f66ef6..2e19bfa 100644
--- a/tools/lib/h5tools_utils.c
+++ b/tools/lib/h5tools_utils.c
@@ -562,6 +562,8 @@ herr_t
init_objs(hid_t fid, find_objs_t *info, table_t **group_table,
table_t **dset_table, table_t **type_table)
{
+ herr_t ret_value = SUCCEED;
+
/* Initialize the tables */
init_table(group_table);
init_table(dset_table);
@@ -574,7 +576,20 @@ init_objs(hid_t fid, find_objs_t *info, table_t **group_table,
info->dset_table = *dset_table;
/* Find all shared objects */
- return(h5trav_visit(fid, "/", TRUE, TRUE, find_objs_cb, NULL, info));
+ if((ret_value = h5trav_visit(fid, "/", TRUE, TRUE, find_objs_cb, NULL, info)) <0)
+ HGOTO_ERROR(FAIL, H5E_tools_min_id_g, "finding shared objects failed")
+
+done:
+ /* Release resources */
+ if(ret_value < 0) {
+ free_table(*group_table);
+ info->group_table = NULL;
+ free_table(*type_table);
+ info->type_table = NULL;
+ free_table(*dset_table);
+ info->dset_table = NULL;
+ }
+ return ret_value;
}
--
2.23.0
Reference in New Issue Copy Permalink