diff options
author | Max Rees <maxcrees@me.com> | 2019-06-20 19:01:52 -0400 |
---|---|---|
committer | Max Rees <maxcrees@me.com> | 2019-06-24 22:09:37 -0400 |
commit | 41ba180fc2dfcdb5516769593fdc06dacfc22e2d (patch) | |
tree | 42a148e851e4c063afbd645554bc1b180d49bf8f /user/exiv2/CVE-2018-19535.patch | |
parent | e1786dc80374f7ab320c11c3e79edabe034cb794 (diff) | |
download | packages-41ba180fc2dfcdb5516769593fdc06dacfc22e2d.tar.gz packages-41ba180fc2dfcdb5516769593fdc06dacfc22e2d.tar.bz2 packages-41ba180fc2dfcdb5516769593fdc06dacfc22e2d.tar.xz packages-41ba180fc2dfcdb5516769593fdc06dacfc22e2d.zip |
user/exiv2: [CVE] bump to 0.27.1, add tests
Diffstat (limited to 'user/exiv2/CVE-2018-19535.patch')
-rw-r--r-- | user/exiv2/CVE-2018-19535.patch | 239 |
1 files changed, 0 insertions, 239 deletions
diff --git a/user/exiv2/CVE-2018-19535.patch b/user/exiv2/CVE-2018-19535.patch deleted file mode 100644 index ba9355012..000000000 --- a/user/exiv2/CVE-2018-19535.patch +++ /dev/null @@ -1,239 +0,0 @@ -From 03173751b4d7053d6ddf52a15904e8f751f78f56 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com> -Date: Sun, 2 Sep 2018 14:39:52 +0200 -Subject: [PATCH 2/5] Fix bug in PngChunk::readRawProfile - -- Now it takes into account text.size_ when searching for a newline -char. ---- - src/pngchunk.cpp | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp -index 58281b3ff..755872c94 100644 ---- a/src/pngchunk.cpp -+++ b/src/pngchunk.cpp -@@ -629,11 +629,19 @@ namespace Exiv2 { - - - sp = (char*)text.pData_+1; -+ int pointerPos = 1; - - // Look for newline -- -- while (*sp != '\n') -+ while (*sp != '\n' && pointerPos < (text.size_ - 1)) -+ { - sp++; -+ pointerPos++; -+ } -+ -+ if (pointerPos == (text.size_ - 1)) -+ { -+ return DataBuf(); -+ } - - // Look for length - - -From cf3ba049a2792ec2a4a877e343f5dd9654da53dc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com> -Date: Mon, 3 Sep 2018 08:51:08 +0200 -Subject: [PATCH 3/5] Fix more issues in PngChunk::readRawProfile - ---- - src/pngchunk.cpp | 36 +++++++++++++----------- - 1 file changed, 20 insertions(+), 16 deletions(-) - -diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp -index 755872c94..9b3faf1aa 100644 ---- a/src/pngchunk.cpp -+++ b/src/pngchunk.cpp -@@ -606,11 +606,6 @@ namespace Exiv2 { - DataBuf PngChunk::readRawProfile(const DataBuf& text,bool iTXt) - { - DataBuf info; -- register long i; -- register unsigned char *dp; -- const char *sp; -- unsigned int nibbles; -- long length; - unsigned char unhex[103]={0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0, -@@ -627,8 +622,7 @@ namespace Exiv2 { - return info; - } - -- -- sp = (char*)text.pData_+1; -+ const char *sp = (char*)text.pData_+1; - int pointerPos = 1; - - // Look for newline -@@ -638,20 +632,30 @@ namespace Exiv2 { - pointerPos++; - } - -+ // Look for length -+ while ((*sp == '\0' || *sp == ' ' || *sp == '\n') && pointerPos < (text.size_ - 1)) -+ { -+ sp++; -+ pointerPos++; -+ } -+ - if (pointerPos == (text.size_ - 1)) - { - return DataBuf(); - } - -- // Look for length -+ long length = (long) atol(sp); - -- while (*sp == '\0' || *sp == ' ' || *sp == '\n') -+ while (*sp != ' ' && *sp != '\n' && pointerPos < (text.size_ - 1)) -+ { - sp++; -+ pointerPos++; -+ } - -- length = (long) atol(sp); -- -- while (*sp != ' ' && *sp != '\n') -- sp++; -+ if (pointerPos == (text.size_ - 1)) -+ { -+ return DataBuf(); -+ } - - // Allocate space - -@@ -674,10 +678,10 @@ namespace Exiv2 { - - // Copy profile, skipping white space and column 1 "=" signs - -- dp = (unsigned char*)info.pData_; -- nibbles = length * 2; -+ unsigned char *dp = (unsigned char*)info.pData_; -+ unsigned int nibbles = length * 2; - -- for (i = 0; i < (long) nibbles; i++) -+ for (long i = 0; i < (long) nibbles; i++) - { - while (*sp < '0' || (*sp > '9' && *sp < 'a') || *sp > 'f') - { - -From 8b480bc5b2cc2abb8cf6fe4e16c24e58916464d2 Mon Sep 17 00:00:00 2001 -From: Robin Mills <robin@clanmills.com> -Date: Mon, 10 Sep 2018 20:54:53 +0200 -Subject: [PATCH 4/5] Fixes in PngChunk::readRawProfile - ---- - src/pngchunk.cpp | 55 ++++++++++++++++++++++---------------------- - 1 file changed, 27 insertions(+), 28 deletions(-) - -diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp -index 9b3faf1aa..f81b560aa 100644 ---- a/src/pngchunk.cpp -+++ b/src/pngchunk.cpp -@@ -607,11 +607,11 @@ namespace Exiv2 { - { - DataBuf info; - unsigned char unhex[103]={0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0, -- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,10,11,12, -- 13,14,15}; -+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, -+ 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0, -+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, -+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,10,11,12, -+ 13,14,15}; - if (text.size_ == 0) { - return DataBuf(); - } -@@ -622,52 +622,51 @@ namespace Exiv2 { - return info; - } - -- const char *sp = (char*)text.pData_+1; -- int pointerPos = 1; -+ const char *sp = (char*) text.pData_+1; // current byte (space pointer) -+ const char *eot = (char*) text.pData_+text.size_; // end of text - - // Look for newline -- while (*sp != '\n' && pointerPos < (text.size_ - 1)) -+ while (*sp != '\n' && sp < eot ) - { - sp++; -- pointerPos++; -+ if ( sp == eot ) -+ { -+ return DataBuf(); -+ } - } -+ sp++ ; // step over '\n' - - // Look for length -- while ((*sp == '\0' || *sp == ' ' || *sp == '\n') && pointerPos < (text.size_ - 1)) -+ while ( (*sp == '\0' || *sp == ' ' || *sp == '\n') && sp < eot ) - { - sp++; -- pointerPos++; -- } -- -- if (pointerPos == (text.size_ - 1)) -- { -- return DataBuf(); -+ if (sp == eot ) -+ { -+ return DataBuf(); -+ } - } - -- long length = (long) atol(sp); -- -- while (*sp != ' ' && *sp != '\n' && pointerPos < (text.size_ - 1)) -+ const char* startOfLength = sp; -+ while ( ('0' <= *sp && *sp <= '9') && sp < eot) - { - sp++; -- pointerPos++; -+ if (sp == eot ) -+ { -+ return DataBuf(); -+ } - } -+ sp++ ; // step over '\n' - -- if (pointerPos == (text.size_ - 1)) -- { -- return DataBuf(); -- } -+ long length = (long) atol(startOfLength); - - // Allocate space -- - if (length == 0) - { - #ifdef DEBUG - std::cerr << "Exiv2::PngChunk::readRawProfile: Unable To Copy Raw Profile: invalid profile length\n"; - #endif - } -- - info.alloc(length); -- - if (info.size_ != length) - { - #ifdef DEBUG -@@ -678,7 +677,7 @@ namespace Exiv2 { - - // Copy profile, skipping white space and column 1 "=" signs - -- unsigned char *dp = (unsigned char*)info.pData_; -+ unsigned char *dp = (unsigned char*)info.pData_; // decode pointer - unsigned int nibbles = length * 2; - - for (long i = 0; i < (long) nibbles; i++) - |