pool/file
SHA256
4
0
Fork 2
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add temporary patch CVE-2019-18218-46a8443f.patch

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/Base:System/file?expand=0&rev=195
This commit is contained in:
Dr. Werner Fink 2019-10-22 13:26:36 +00:00 committed by Git OBS Bridge
parent 2b6ead8ec5
commit b3c0fb0be8
3 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2019-18218-46a8443f.patch Normal file
View File

@ -0,0 +1,43 @@
From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Mon, 26 Aug 2019 14:31:39 +0000
Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
---
src/cdf.c | 7 +++----
src/cdf.h | 1 +
2 files changed, 4 insertions(+), 4 deletions(-)
--- src/cdf.c
+++ src/cdf.c 2019-10-22 13:05:01.410441092 +0000
@@ -968,8 +968,9 @@ cdf_read_property_info(const cdf_stream_
goto out;
}
nelements = CDF_GETUINT32(q, 1);
- if (nelements == 0) {
- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
+ DPRINTF(("CDF_VECTOR with nelements == %"
+ SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
@@ -1011,8 +1012,6 @@ cdf_read_property_info(const cdf_stream_
goto out;
inp += nelem;
}
- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
- nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{
--- src/cdf.h
+++ src/cdf.h 2019-10-22 13:05:01.422440872 +0000
@@ -48,6 +48,7 @@
typedef int32_t cdf_secid_t;
#define CDF_LOOP_LIMIT 10000
+#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1

6
file.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Oct 22 13:24:26 UTC 2019 - Dr. Werner Fink <werner@suse.de>
- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream
to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 14 13:40:13 UTC 2019 - Dr. Werner Fink <werner@suse.de> Mon Oct 14 13:40:13 UTC 2019 - Dr. Werner Fink <werner@suse.de>

2
file.spec
View File

@ -65,6 +65,7 @@ Patch36: file-5.15-clear-invalid.patch
Patch37: file-secure_getenv.patch Patch37: file-secure_getenv.patch
Patch39: file-5.28-btrfs-image.dif Patch39: file-5.28-btrfs-image.dif
Patch42: file-upstream.patch Patch42: file-upstream.patch
Patch43: CVE-2019-18218-46a8443f.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%global _sysconfdir /etc %global _sysconfdir /etc
%global _miscdir %{_datadir}/misc %global _miscdir %{_datadir}/misc
@ -134,6 +135,7 @@ to develop applications that require the magic "file" interface.
%patch37 -p1 -b .getenv %patch37 -p1 -b .getenv
%patch39 -p1 -b .btrfs %patch39 -p1 -b .btrfs
%patch42 -p0 -b .tmp %patch42 -p0 -b .tmp
%patch43 -p0 -b .CVE-2019-18218
%patch -b .0 %patch -b .0
test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in
rm -fv src/magic.h rm -fv src/magic.h