diff options
author | Leo Famulari <leo@famulari.name> | 2018-01-19 17:49:02 -0800 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2018-01-19 17:51:00 -0800 |
commit | ccb5cac17be98aaa9c3225605d6170c675d8e8e6 (patch) | |
tree | f5edc746192152c97506347d5d0b38e27a6ba905 /gnu/packages/patches | |
parent | e8409dd2754259e6478ebcba390738f832452191 (diff) | |
download | guix-ccb5cac17be98aaa9c3225605d6170c675d8e8e6.tar.gz |
gnu: libexif: Fix CVE-2016-6328.
* gnu/packages/patches/libexif-CVE-2016-6328.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/photo.scm (libexif)[source]: Use it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/libexif-CVE-2016-6328.patch | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch new file mode 100644 index 0000000000..67fee0f528 --- /dev/null +++ b/gnu/packages/patches/libexif-CVE-2016-6328.patch @@ -0,0 +1,72 @@ +Fix CVE-2016-6328: + +https://bugzilla.redhat.com/show_bug.cgi?id=1366239 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 + +Patch copied from upstream source repository: + +https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d + +From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 +From: Marcus Meissner <marcus@jet.franken.de> +Date: Tue, 25 Jul 2017 23:44:44 +0200 +Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax + makernote entries. + +This should fix: +https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 +--- + libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c +index d03d159..ea0429a 100644 +--- a/libexif/pentax/mnote-pentax-entry.c ++++ b/libexif/pentax/mnote-pentax-entry.c +@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + case EXIF_FORMAT_SHORT: + { + const unsigned char *data = entry->data; +- size_t k, len = strlen(val); ++ size_t k, len = strlen(val), sizeleft; ++ ++ sizeleft = entry->size; + for(k=0; k<entry->components; k++) { ++ if (sizeleft < 2) ++ break; + vs = exif_get_short (data, entry->order); + snprintf (val+len, maxlen-len, "%i ", vs); + len = strlen(val); + data += 2; ++ sizeleft -= 2; + } + } + break; + case EXIF_FORMAT_LONG: + { + const unsigned char *data = entry->data; +- size_t k, len = strlen(val); ++ size_t k, len = strlen(val), sizeleft; ++ ++ sizeleft = entry->size; + for(k=0; k<entry->components; k++) { ++ if (sizeleft < 4) ++ break; + vl = exif_get_long (data, entry->order); + snprintf (val+len, maxlen-len, "%li", (long int) vl); + len = strlen(val); + data += 4; ++ sizeleft -= 4; + } + } + break; +@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + break; + } + +- return (val); ++ return val; + } +-- +2.16.0 + |