!254 [sync] PR-251: fix CVE-2024-7006

From: @openeuler-sync-bot Reviewed-by: @weidongkl Signed-off-by: @weidongkl
2024-08-13 03:06:05 +00:00 · 2024-08-13 03:06:05 +00:00 · d5525bac82
commit d5525bac82
parent 5f85b729d3 8200d186fd
2 changed files with 66 additions and 1 deletions
--- a/backport-0004-CVE-2024-7006.patch
+++ b/backport-0004-CVE-2024-7006.patch
@ -0,0 +1,61 @@
+From 818fb8ce881cf839fbc710f6690aadb992aa0f9e Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 1 Dec 2023 20:12:25 +0100
+Subject: [PATCH] Check return value of _TIFFCreateAnonField().
+
+Fixes #624
+---
+ libtiff/tif_dirinfo.c |  2 +-
+ libtiff/tif_dirread.c | 16 ++++++----------
+ 2 files changed, 7 insertions(+), 11 deletions(-)
+
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index bff7592a..2338ca21 100644
+--- a/libtiff/tif_dirinfo.c
+++ b/libtiff/tif_dirinfo.c
+@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterField(TIFF *tif, uint32_t tag,
+     if (fld == NULL)
+     {
+         fld = _TIFFCreateAnonField(tif, tag, dt);
+-        if (!_TIFFMergeFields(tif, fld, 1))
+        if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+             return NULL;
+     }
+ 
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index c7969414..242912f3 100644
+--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
+@@ -4278,11 +4278,9 @@ int TIFFReadDirectory(TIFF *tif)
+                                 dp->tdir_tag, dp->tdir_tag);
+                 /* the following knowingly leaks the
+                    anonymous field structure */
+-                if (!_TIFFMergeFields(
+-                        tif,
+-                        _TIFFCreateAnonField(tif, dp->tdir_tag,
+-                                             (TIFFDataType)dp->tdir_type),
+-                        1))
+                const TIFFField *fld = _TIFFCreateAnonField(
+                    tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
+                if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+                 {
+                     TIFFWarningExtR(
+                         tif, module,
+@@ -5156,11 +5154,9 @@ int TIFFReadCustomDirectory(TIFF *tif, toff_t diroff,
+                             "Unknown field with tag %" PRIu16 " (0x%" PRIx16
+                             ") encountered",
+                             dp->tdir_tag, dp->tdir_tag);
+-            if (!_TIFFMergeFields(
+-                    tif,
+-                    _TIFFCreateAnonField(tif, dp->tdir_tag,
+-                                         (TIFFDataType)dp->tdir_type),
+-                    1))
+            const TIFFField *fld = _TIFFCreateAnonField(
+                tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
+            if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+             {
+                 TIFFWarningExtR(tif, module,
+                                 "Registering anonymous field with tag %" PRIu16
+-- 
+GitLab
+
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.6.0
-Release:        2
+Release:        3
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://libtiff.gitlab.io/libtiff/
@ -10,6 +10,7 @@ Patch6000:      backport-CVE-2023-6228.patch
 Patch6001:      backport-0001-CVE-2023-6277.patch
 Patch6002:      backport-0002-CVE-2023-6277.patch
 Patch6003:      backport-0003-CVE-2023-6277.patch
+Patch6004:      backport-0004-CVE-2024-7006.patch

 BuildRequires:  gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires:  libtool automake autoconf pkgconfig
@ -129,6 +130,9 @@ find doc -name 'Makefile*' | xargs rm
 %exclude %{_mandir}/man1/*

 %changelog
+* Tue Aug 13 2024 wangguochun <wangguochun@kylinos.cn> - 4.6.0-3
+- fix CVE-2024-7006
+
 * Mon Jul 22 2024 xuguangmin <xuguangmin@kylinos.cn> - 4.6.0-2
 - Fix incorrect dates in the ChangeLog section of the spec file.