fix CVE-2023-3316

2023-06-25 07:50:37 +00:00 · 2023-06-25 07:50:37 +00:00 · 4e6afd7596
commit 4e6afd7596
parent f6c342d630
2 changed files with 59 additions and 1 deletions
--- a/backport-CVE-2023-3316.patch
+++ b/backport-CVE-2023-3316.patch
@ -0,0 +1,54 @@
+From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 3 Feb 2023 17:38:55 +0100
+Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515
+
+Closes #515
+
+Reference:https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536
+Conflict:NA
+
+---
+ libtiff/tif_close.c | 11 +++++++----
+ tools/tiffcrop.c    |  5 ++++-
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
+index 985d290cf..907d7f139 100644
+--- a/libtiff/tif_close.c
+++ b/libtiff/tif_close.c
+@@ -147,9 +147,12 @@ void _TIFFCleanupIFDOffsetAndNumberMaps(TIFF *tif)
+ 
+ void TIFFClose(TIFF *tif)
+ {
+-    TIFFCloseProc closeproc = tif->tif_closeproc;
+-    thandle_t fd = tif->tif_clientdata;
+    if (tif != NULL)
+    {
+        TIFFCloseProc closeproc = tif->tif_closeproc;
+        thandle_t fd = tif->tif_clientdata;
+ 
+-    TIFFCleanup(tif);
+-    (void)(*closeproc)(fd);
+        TIFFCleanup(tif);
+        (void)(*closeproc)(fd);
+    }
+ }
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 7db69883e..84e26ac66 100644
+--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
+@@ -2920,7 +2920,10 @@ int main(int argc, char *argv[])
+         }
+     }
+ 
+-    TIFFClose(out);
+    if (out != NULL)
+    {
+        TIFFClose(out);
+    }
+ 
+     return (0);
+ } /* end main */
+-- 
+GitLab
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.5.0
-Release:        5
+Release:        6
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@ -12,6 +12,7 @@ Patch6002:	backport-0002-CVE-2023-0795-0796-0797-0798-0799.patch
 Patch6003:	backport-CVE-2023-0800-0801-0802-0803-0804.patch
 Patch6004:	backport-CVE-2023-2731.patch
 Patch6005:	backport-CVE-2023-26965.patch
+Patch6006:	backport-CVE-2023-3316.patch

 BuildRequires:  gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires:  libtool automake autoconf pkgconfig
@ -131,6 +132,9 @@ find doc -name 'Makefile*' | xargs rm
 %exclude %{_mandir}/man1/*

 %changelog
+* Sun Jun 25 2023 zhangpan <zhangpan103@h-partners.com> - 4.5.0-6
+- fix CVE-2023-3316
+
 * Thu Jun 15 2023 zhangpan <zhangpan103@h-partners.com> - 4.5.0-5
 - fix CVE-2023-26965