!254 [sync] PR-251: fix CVE-2024-7006

From: @openeuler-sync-bot Reviewed-by: @weidongkl Signed-off-by: @weidongkl
2024-08-13 03:06:05 +00:00 · 2024-08-13 03:06:05 +00:00 · d5525bac82
commit d5525bac82
parent 5f85b729d3 8200d186fd
2 changed files with 66 additions and 1 deletions
--- a/backport-0004-CVE-2024-7006.patch
+++ b/backport-0004-CVE-2024-7006.patch
@ -0,0 +1,61 @@
 From 818fb8ce881cf839fbc710f6690aadb992aa0f9e Mon Sep 17 00:00:00 2001
 From: Su_Laus <sulau@freenet.de>
 Date: Fri, 1 Dec 2023 20:12:25 +0100
 Subject: [PATCH] Check return value of _TIFFCreateAnonField().
 Fixes #624
 ---
 libtiff/tif_dirinfo.c |  2 +-
 libtiff/tif_dirread.c | 16 ++++++----------
 2 files changed, 7 insertions(+), 11 deletions(-)
 diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
 index bff7592a..2338ca21 100644
 --- a/libtiff/tif_dirinfo.c
 +++ b/libtiff/tif_dirinfo.c
@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterField(TIFF *tif, uint32_t tag,
     if (fld == NULL)
     {
         fld = _TIFFCreateAnonField(tif, tag, dt);
 -        if (!_TIFFMergeFields(tif, fld, 1))
 +        if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
             return NULL;
     }
 diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
 index c7969414..242912f3 100644
 --- a/libtiff/tif_dirread.c
 +++ b/libtiff/tif_dirread.c
@@ -4278,11 +4278,9 @@ int TIFFReadDirectory(TIFF *tif)
                                 dp->tdir_tag, dp->tdir_tag);
                 /* the following knowingly leaks the
                    anonymous field structure */
 -                if (!_TIFFMergeFields(
 -                        tif,
 -                        _TIFFCreateAnonField(tif, dp->tdir_tag,
 -                                             (TIFFDataType)dp->tdir_type),
 -                        1))
 +                const TIFFField *fld = _TIFFCreateAnonField(
 +                    tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
 +                if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
                 {
                     TIFFWarningExtR(
                         tif, module,
@@ -5156,11 +5154,9 @@ int TIFFReadCustomDirectory(TIFF *tif, toff_t diroff,
                             "Unknown field with tag %" PRIu16 " (0x%" PRIx16
                             ") encountered",
                             dp->tdir_tag, dp->tdir_tag);
 -            if (!_TIFFMergeFields(
 -                    tif,
 -                    _TIFFCreateAnonField(tif, dp->tdir_tag,
 -                                         (TIFFDataType)dp->tdir_type),
 -                    1))
 +            const TIFFField *fld = _TIFFCreateAnonField(
 +                tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
 +            if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
             {
                 TIFFWarningExtR(tif, module,
                                 "Registering anonymous field with tag %" PRIu16
 -- 
 GitLab
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.6.0
-Release:        2
+Release:        3
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://libtiff.gitlab.io/libtiff/
@ -10,6 +10,7 @@ Patch6000:      backport-CVE-2023-6228.patch
 Patch6001:      backport-0001-CVE-2023-6277.patch
 Patch6002:      backport-0002-CVE-2023-6277.patch
 Patch6003:      backport-0003-CVE-2023-6277.patch
 Patch6004:      backport-0004-CVE-2024-7006.patch
 BuildRequires:  gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires:  libtool automake autoconf pkgconfig
@ -129,6 +130,9 @@ find doc -name 'Makefile*' | xargs rm
 %exclude %{_mandir}/man1/*
 %changelog
 * Tue Aug 13 2024 wangguochun <wangguochun@kylinos.cn> - 4.6.0-3
 - fix CVE-2024-7006
 * Mon Jul 22 2024 xuguangmin <xuguangmin@kylinos.cn> - 4.6.0-2
 - Fix incorrect dates in the ChangeLog section of the spec file.