From 02dba8bce2b46330178f675c4d6c4b8c87d2283de8db0e6c4f5d91eefb751045 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 16 May 2022 20:52:37 +0000 Subject: [PATCH] - Add 0001-Fixes-94-possible-null-ptr-deref.patch [boo#1192323] [CVE-2021-27836] OBS-URL: https://build.opensuse.org/package/show/server:mail/libxls?expand=0&rev=13 --- 0001-Fixes-94-possible-null-ptr-deref.patch | 57 +++++++++++++++++++++ libxls.changes | 6 +++ libxls.spec | 3 +- 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 0001-Fixes-94-possible-null-ptr-deref.patch diff --git a/0001-Fixes-94-possible-null-ptr-deref.patch b/0001-Fixes-94-possible-null-ptr-deref.patch new file mode 100644 index 0000000..0cec02e --- /dev/null +++ b/0001-Fixes-94-possible-null-ptr-deref.patch @@ -0,0 +1,57 @@ +From 866fedeae65ba9ff12b6cf4449dee2096bb2da51 Mon Sep 17 00:00:00 2001 +From: stephematician +Date: Wed, 2 Mar 2022 15:01:51 +1100 +Subject: [PATCH] Fixes #94 possible null ptr deref + +Changes due to lockedbyte and PR 97 conversation +--- + include/xls.h | 4 +++- + src/xls.c | 6 ++++++ + 2 files changed, 9 insertions(+), 1 deletion(-) + +Index: libxls-1.6.2/include/xls.h +=================================================================== +--- libxls-1.6.2.orig/include/xls.h ++++ libxls-1.6.2/include/xls.h +@@ -49,7 +49,9 @@ typedef enum { + LIBXLS_ERROR_SEEK, + LIBXLS_ERROR_READ, + LIBXLS_ERROR_PARSE, +- LIBXLS_ERROR_MALLOC ++ LIBXLS_ERROR_MALLOC, ++ LIBXLS_ERROR_UNSUPPORTED_ENCRYPTION, ++ LIBXLS_ERROR_NULL_ARGUMENT + } xls_error_t; + + const char* xls_getVersion(void); +Index: libxls-1.6.2/src/xls.c +=================================================================== +--- libxls-1.6.2.orig/src/xls.c ++++ libxls-1.6.2/src/xls.c +@@ -830,6 +830,8 @@ int xls_isRecordTooSmall(xlsWorkBook *pW + + xls_error_t xls_parseWorkBook(xlsWorkBook* pWB) + { ++ if(!pWB) return LIBXLS_ERROR_NULL_ARGUMENT; ++ + BOF bof1 = { .id = 0, .size = 0 }; + BOF bof2 = { .id = 0, .size = 0 }; + BYTE* buf = NULL; +@@ -1072,6 +1074,8 @@ cleanup: + + static xls_error_t xls_preparseWorkSheet(xlsWorkSheet* pWS) + { ++ if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT; ++ + BOF tmp; + BYTE* buf = NULL; + xls_error_t retval = LIBXLS_OK; +@@ -1221,6 +1225,8 @@ static xls_error_t xls_formatColumn(xlsW + + xls_error_t xls_parseWorkSheet(xlsWorkSheet* pWS) + { ++ if(!pWS) return LIBXLS_ERROR_NULL_ARGUMENT; ++ + BOF tmp; + BYTE* buf = NULL; + long offset = pWS->filepos; diff --git a/libxls.changes b/libxls.changes index a1e2a7b..7e052af 100644 --- a/libxls.changes +++ b/libxls.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon May 16 20:51:17 UTC 2022 - Jan Engelhardt + +- Add 0001-Fixes-94-possible-null-ptr-deref.patch + [boo#1192323] [CVE-2021-27836] + ------------------------------------------------------------------- Tue Jan 26 11:30:00 UTC 2021 - Jan Engelhardt diff --git a/libxls.spec b/libxls.spec index a387efc..3c829ba 100644 --- a/libxls.spec +++ b/libxls.spec @@ -1,7 +1,7 @@ # # spec file for package libxls # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,6 +25,7 @@ License: BSD-2-Clause Group: Development/Libraries/C and C++ URL: https://github.com/libxls/libxls Source: https://github.com/libxls/libxls/releases/download/v%version/libxls-%version.tar.gz +Patch1: 0001-Fixes-94-possible-null-ptr-deref.patch BuildRequires: pkg-config %description