clibs/libxls
SHA256
5
0
Fork 0
forked from pool/libxls
Code Pull Requests Activity

Accepting request 977612 from server:mail

Browse Source 
- Add 0001-Fixes-94-possible-null-ptr-deref.patch [boo#1192323] [CVE-2021-27836]

OBS-URL: https://build.opensuse.org/request/show/977612
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libxls?expand=0&rev=6
This commit is contained in:
Dominique Leuenberger
2022-05-17 15:24:30 +00:00
committed by Git OBS Bridge
parent c255cce000 02dba8bce2
commit ecaa48cdb3
3 changed files with 65 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
0001-Fixes-94-possible-null-ptr-deref.patch Normal file
View File

@@ -0,0 +1,57 @@
From 866fedeae65ba9ff12b6cf4449dee2096bb2da51 Mon Sep 17 00:00:00 2001
From: stephematician <stephematician@gmail.com>
Date: Wed, 2 Mar 2022 15:01:51 +1100
Subject: [PATCH] Fixes #94 possible null ptr deref
Changes due to lockedbyte and PR 97 conversation
---
include/xls.h | 4 +++-
src/xls.c | 6 ++++++
2 files changed, 9 insertions(+), 1 deletion(-)
Index: libxls-1.6.2/include/xls.h
===================================================================
--- libxls-1.6.2.orig/include/xls.h
+++ libxls-1.6.2/include/xls.h
@@ -49,7 +49,9 @@ typedef enum {
LIBXLS_ERROR_SEEK,
LIBXLS_ERROR_READ,
LIBXLS_ERROR_PARSE,
- LIBXLS_ERROR_MALLOC
+ LIBXLS_ERROR_MALLOC,
+ LIBXLS_ERROR_UNSUPPORTED_ENCRYPTION,
+ LIBXLS_ERROR_NULL_ARGUMENT
} xls_error_t;
const char* xls_getVersion(void);
Index: libxls-1.6.2/src/xls.c
===================================================================
--- libxls-1.6.2.orig/src/xls.c
+++ libxls-1.6.2/src/xls.c
@@ -830,6 +830,8 @@ int xls_isRecordTooSmall(xlsWorkBook *pW
xls_error_t xls_parseWorkBook(xlsWorkBook* pWB)
{
+ if(!pWB) return LIBXLS_ERROR_NULL_ARGUMENT;
+
BOF bof1 = { .id = 0, .size = 0 };
BOF bof2 = { .id = 0, .size = 0 };
BYTE* buf = NULL;
@@ -1072,6 +1074,8 @@ cleanup:
static xls_error_t xls_preparseWorkSheet(xlsWorkSheet* pWS)
{
+ if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT;
+
BOF tmp;
BYTE* buf = NULL;
xls_error_t retval = LIBXLS_OK;
@@ -1221,6 +1225,8 @@ static xls_error_t xls_formatColumn(xlsW
xls_error_t xls_parseWorkSheet(xlsWorkSheet* pWS)
{
+ if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT;
+
BOF tmp;
BYTE* buf = NULL;
long offset = pWS->filepos;

6
libxls.changes
View File

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon May 16 20:51:17 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Add 0001-Fixes-94-possible-null-ptr-deref.patch
[boo#1192323] [CVE-2021-27836]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 26 11:30:00 UTC 2021 - Jan Engelhardt <jengelh@inai.de> Tue Jan 26 11:30:00 UTC 2021 - Jan Engelhardt <jengelh@inai.de>

3
libxls.spec
View File

@@ -1,7 +1,7 @@
# #
# spec file for package libxls # spec file for package libxls
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@@ -25,6 +25,7 @@ License: BSD-2-Clause
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
URL: https://github.com/libxls/libxls URL: https://github.com/libxls/libxls
Source: https://github.com/libxls/libxls/releases/download/v%version/libxls-%version.tar.gz Source: https://github.com/libxls/libxls/releases/download/v%version/libxls-%version.tar.gz
Patch1: 0001-Fixes-94-possible-null-ptr-deref.patch
BuildRequires: pkg-config BuildRequires: pkg-config
%description %description