fix CVE-2022-1355

2022-05-18 14:44:19 +08:00 · 2022-05-18 14:44:19 +08:00 · f1201a96de
commit f1201a96de
parent 4e9cc4baaf
2 changed files with 63 additions and 1 deletions
--- a/backport-CVE-2022-1355.patch
+++ b/backport-CVE-2022-1355.patch
@ -0,0 +1,58 @@
+From fb1db384959698edd6caeea84e28253d272a0f96 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 2 Apr 2022 22:33:31 +0200
+Subject: [PATCH] tiffcp: avoid buffer overflow in "mode" string (fixes #400)
+
+Conflict:NA
+Reference:https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/fb1db384959698edd6caeea84e28253d272a0f96
+---
+ tools/tiffcp.c | 25 ++++++++++++++++++++-----
+ 1 file changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 552d8fa..57eef90 100644
+--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
+@@ -274,19 +274,34 @@ main(int argc, char* argv[])
+ 			deftilewidth = atoi(optarg);
+ 			break;
+ 		case 'B':
+-			*mp++ = 'b'; *mp = '\0';
+			if (strlen(mode) < (sizeof(mode) - 1))
+			{
+				*mp++ = 'b'; *mp = '\0';
+			}
+ 			break;
+ 		case 'L':
+-			*mp++ = 'l'; *mp = '\0';
+			if (strlen(mode) < (sizeof(mode) - 1))
+			{
+				*mp++ = 'l'; *mp = '\0';
+			}
+ 			break;
+ 		case 'M':
+-			*mp++ = 'm'; *mp = '\0';
+			if (strlen(mode) < (sizeof(mode) - 1))
+			{
+				*mp++ = 'm'; *mp = '\0';
+			}
+ 			break;
+ 		case 'C':
+-			*mp++ = 'c'; *mp = '\0';
+			if (strlen(mode) < (sizeof(mode) - 1))
+			{
+				*mp++ = 'c'; *mp = '\0';
+			}
+ 			break;
+ 		case '8':
+-			*mp++ = '8'; *mp = '\0';
+			if (strlen(mode) < (sizeof(mode)-1))
+			{
+				*mp++ = '8'; *mp = '\0';
+			}
+ 			break;
+ 		case 'x':
+ 			pageInSeq = 1;
+-- 
+2.27.0
+
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.3.0
-Release:        12
+Release:        13
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@ -17,6 +17,7 @@ Patch6007:      backport-CVE-2022-0908.patch
 Patch6008:      backport-CVE-2022-0865.patch
 Patch6009:      backport-CVE-2022-0909.patch
 Patch6010:      backport-CVE-2022-0924.patch
+Patch6011:	backport-CVE-2022-1355.patch

 Patch9000:	fix-raw2tiff-floating-point-exception.patch

@ -139,6 +140,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html

 %changelog
+* Wed May 18 2022 liuyumeng <liuyumeng5@h-partners.com> - 4.3.0-13
+- fix CVE-2022-1355
+
 * Fri Apr 01 2022 dongyuzhen <dongyuzhen@h-partners.com> - 4.3.0-12
 - fix CVE-2022-0909,CVE-2022-0924