packages/libtiff
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!33 fix CVE-2022-22844

Browse Source 
From: @dongyuzhen 
Reviewed-by: @shirely16, @zzm_567, @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2022-03-10 01:58:42 +00:00 committed by Gitee
commit 3fa035f1ee
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 119 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
backport-0001-CVE-2022-22844.patch Normal file
View File

@ -0,0 +1,42 @@
From 49b81e99704bd199a24ccce65f974cc2d78cccc4 Mon Sep 17 00:00:00 2001
From: 4ugustus <wangdw.augustus@qq.com>
Date: Tue, 4 Jan 2022 11:01:37 +0000
Subject: [PATCH] fixing global-buffer-overflow in tiffset
Conflict:NA
Reference:https://gitlab.com/libtiff/libtiff/-/commit/49b81e99704bd199a24ccce65f974cc2d78cccc4
---
tools/tiffset.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/tools/tiffset.c b/tools/tiffset.c
index 8c9e23c..b7badd9 100644
--- a/tools/tiffset.c
+++ b/tools/tiffset.c
@@ -146,9 +146,19 @@ main(int argc, char* argv[])
arg_index++;
if (TIFFFieldDataType(fip) == TIFF_ASCII) {
- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
- fprintf( stderr, "Failed to set %s=%s\n",
- TIFFFieldName(fip), argv[arg_index] );
+ if(TIFFFieldPassCount( fip )) {
+ size_t len;
+ len = (uint32_t)(strlen(argv[arg_index] + 1));
+ if (TIFFSetField(tiff, TIFFFieldTag(fip),
+ (uint16_t)len, argv[arg_index]) != 1)
+ fprintf( stderr, "Failed to set %s=%s",
+ TIFFFieldName(fip), argv[arg_index] );
+ } else {
+ if (TIFFSetField(tiff, TIFFFieldTag(fip),
+ argv[arg_index]) != 1)
+ fprintf( stderr, "Failed to set %s=%s",
+ TIFFFieldName(fip), argv[arg_index] );
+ }
} else if (TIFFFieldWriteCount(fip) > 0
|| TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
int ret = 1;
--
2.33.0

39
backport-0002-CVE-2022-22844.patch Normal file
View File

@ -0,0 +1,39 @@
From 0cf67888e32e36b45828dd467920684c93f2b22d Mon Sep 17 00:00:00 2001
From: Timothy Lyanguzov <theta682@gmail.com>
Date: Tue, 25 Jan 2022 04:27:28 +0000
Subject: [PATCH] Apply 4 suggestion(s) to 1 file(s)
Conflict:NA
Reference:https://gitlab.com/libtiff/libtiff/-/commit/0cf67888e32e36b45828dd467920684c93f2b22d
---
tools/tiffset.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/tiffset.c b/tools/tiffset.c
index b7badd9..b8b52c0 100644
--- a/tools/tiffset.c
+++ b/tools/tiffset.c
@@ -148,15 +148,15 @@ main(int argc, char* argv[])
if (TIFFFieldDataType(fip) == TIFF_ASCII) {
if(TIFFFieldPassCount( fip )) {
size_t len;
- len = (uint32_t)(strlen(argv[arg_index] + 1));
- if (TIFFSetField(tiff, TIFFFieldTag(fip),
+ len = strlen(argv[arg_index] + 1);
+ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
(uint16_t)len, argv[arg_index]) != 1)
- fprintf( stderr, "Failed to set %s=%s",
+ fprintf( stderr, "Failed to set %s=%s\n",
TIFFFieldName(fip), argv[arg_index] );
} else {
if (TIFFSetField(tiff, TIFFFieldTag(fip),
argv[arg_index]) != 1)
- fprintf( stderr, "Failed to set %s=%s",
+ fprintf( stderr, "Failed to set %s=%s\n",
TIFFFieldName(fip), argv[arg_index] );
}
} else if (TIFFFieldWriteCount(fip) > 0
--
2.33.0

28
backport-0003-CVE-2022-22844.patch Normal file
View File

@ -0,0 +1,28 @@
From 0a827a985f891d6df481a6f581c723640fad7874 Mon Sep 17 00:00:00 2001
From: 4ugustus <wangdw.augustus@qq.com>
Date: Tue, 25 Jan 2022 04:30:38 +0000
Subject: [PATCH] fix a small typo in strlen
Conflict:NA
Reference:https://gitlab.com/libtiff/libtiff/-/commit/0a827a985f891d6df481a6f581c723640fad7874
---
tools/tiffset.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/tiffset.c b/tools/tiffset.c
index b8b52c0..e7a88c0 100644
--- a/tools/tiffset.c
+++ b/tools/tiffset.c
@@ -148,7 +148,7 @@ main(int argc, char* argv[])
if (TIFFFieldDataType(fip) == TIFF_ASCII) {
if(TIFFFieldPassCount( fip )) {
size_t len;
- len = strlen(argv[arg_index] + 1);
+ len = strlen(argv[arg_index]) + 1;
if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
(uint16_t)len, argv[arg_index]) != 1)
fprintf( stderr, "Failed to set %s=%s\n",
--
2.33.0

11
libtiff.spec
View File

@ -1,6 +1,6 @@
Name: libtiff
Version: 4.3.0
Release: 3
Release: 4
Summary: TIFF Library and Utilities
License: libtiff
URL: https://www.simplesystems.org/libtiff/
@ -8,6 +8,9 @@ Source0: https://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
Patch6000: backport-CVE-2022-0561.patch
Patch6001: backport-CVE-2022-0562.patch
Patch6002: backport-0001-CVE-2022-22844.patch
Patch6003: backport-0002-CVE-2022-22844.patch
Patch6004: backport-0003-CVE-2022-22844.patch
BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
BuildRequires: libtool automake autoconf pkgconfig
@ -128,6 +131,12 @@ find html -name 'Makefile*' | xargs rm
%exclude %{_datadir}/html/man/tiffgt.1.html
%changelog
* Tue Mar 08 2022 dongyuzhen <dongyuzhen@h-partners.com> - 4.3.0-4
- Type:cves
- ID:CVE-2022-22844
- SUG:NA
- DESC:fix CVE-2022-22844
* Wed Feb 23 2022 liuyumeng <liuyumeng5@h-partners.com> -4.3.0-3
- Type:cves
- ID:CVE-2022-0561CVE-2022-0562