diff options
| author | A. Wilcox <awilcox@wilcox-tech.com> | 2020-03-10 02:44:11 +0000 |
|---|---|---|
| committer | A. Wilcox <awilcox@wilcox-tech.com> | 2020-03-10 02:44:11 +0000 |
| commit | b2b91cc7b341c21dd2754f766e3688d1cd8683cd (patch) | |
| tree | 89eb840eb4db48f40d8e3b4315b883b108d3b71e /user/libexif/CVE-2016-6328.patch | |
| parent | 757c7417918541af9e656e023b2ead86998a07d9 (diff) | |
| parent | 2da62e2b9ab827bf6930e008d51cd0ab468dbd1b (diff) | |
| download | packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.tar.gz packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.tar.bz2 packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.tar.xz packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.zip | |
Merge branch 'cves.2020.02.28' into 'master'
CVE patches for 2020.02.28
See merge request adelie/packages!408
Diffstat (limited to 'user/libexif/CVE-2016-6328.patch')
| -rw-r--r-- | user/libexif/CVE-2016-6328.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/user/libexif/CVE-2016-6328.patch b/user/libexif/CVE-2016-6328.patch new file mode 100644 index 000000000..0568f27d2 --- /dev/null +++ b/user/libexif/CVE-2016-6328.patch @@ -0,0 +1,60 @@ +From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 +From: Marcus Meissner <marcus@jet.franken.de> +Date: Tue, 25 Jul 2017 23:44:44 +0200 +Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax + makernote entries. + +This should fix: +https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 +--- + libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c +index d03d159..ea0429a 100644 +--- a/libexif/pentax/mnote-pentax-entry.c ++++ b/libexif/pentax/mnote-pentax-entry.c +@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + case EXIF_FORMAT_SHORT: + { + const unsigned char *data = entry->data; +- size_t k, len = strlen(val); ++ size_t k, len = strlen(val), sizeleft; ++ ++ sizeleft = entry->size; + for(k=0; k<entry->components; k++) { ++ if (sizeleft < 2) ++ break; + vs = exif_get_short (data, entry->order); + snprintf (val+len, maxlen-len, "%i ", vs); + len = strlen(val); + data += 2; ++ sizeleft -= 2; + } + } + break; + case EXIF_FORMAT_LONG: + { + const unsigned char *data = entry->data; +- size_t k, len = strlen(val); ++ size_t k, len = strlen(val), sizeleft; ++ ++ sizeleft = entry->size; + for(k=0; k<entry->components; k++) { ++ if (sizeleft < 4) ++ break; + vl = exif_get_long (data, entry->order); + snprintf (val+len, maxlen-len, "%li", (long int) vl); + len = strlen(val); + data += 4; ++ sizeleft -= 4; + } + } + break; +@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + break; + } + +- return (val); ++ return val; + } |