summary refs log tree commit diff
path: root/gnu/packages/patches/file-CVE-2018-10360.patch
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2018-12-16 14:44:31 +0200
committerEfraim Flashner <efraim@flashner.co.il>2018-12-24 11:12:52 +0200
commite47c69f22638dc92ee962942b8e24284c8dee832 (patch)
tree98b225fcae4ac42dc6e8c2c5bf0f98a96d8d407d /gnu/packages/patches/file-CVE-2018-10360.patch
parent0865d8a8f6c229fef5bcba647cc7b37c2f3d3dae (diff)
downloadguix-e47c69f22638dc92ee962942b8e24284c8dee832.tar.gz
gnu: file: Fix CVE-2018-10360.
* gnu/packages/patches/file-CVE-2018-10360.patch: New file.
* gnu/packages/file.scm (file)[replacement]: New field.
(file/fixed): New variable.
* gnu/packages/commencement.scm (file-boot0): Use 'package/inherit' to
receive security fixes.
* gnu/local.mk (dist_patch_DATA): Register it.
Diffstat (limited to 'gnu/packages/patches/file-CVE-2018-10360.patch')
-rw-r--r--gnu/packages/patches/file-CVE-2018-10360.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/gnu/packages/patches/file-CVE-2018-10360.patch b/gnu/packages/patches/file-CVE-2018-10360.patch
new file mode 100644
index 0000000000..9285611c04
--- /dev/null
+++ b/gnu/packages/patches/file-CVE-2018-10360.patch
@@ -0,0 +1,27 @@
+https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22.patch
+The leading part of the patch starting at line 27 was trimmed off.
+This patch should be OK to drop with file@5.35.
+
+From a642587a9c9e2dd7feacdf513c3643ce26ad3c22 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Sat, 9 Jun 2018 16:00:06 +0000
+Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)
+
+---
+ src/readelf.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 79c83f9f5..1f41b4611 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+ 
+ 				cname = (unsigned char *)
+ 				    &nbuf[doff + prpsoffsets(i)];
+-				for (cp = cname; *cp && isprint(*cp); cp++)
++				for (cp = cname; cp < nbuf + size && *cp
++				    && isprint(*cp); cp++)
+ 					continue;
+ 				/*
+ 				 * Linux apparently appends a space at the end