diff options
| author | A. Wilcox <awilcox@wilcox-tech.com> | 2020-06-15 21:08:54 +0000 |
|---|---|---|
| committer | A. Wilcox <awilcox@wilcox-tech.com> | 2020-06-15 21:08:54 +0000 |
| commit | fdeddc8e9da35c99bae08190a8476dc37ac8e9b8 (patch) | |
| tree | a28b8099d156ea27a5efc7d4603bbc2289363471 /user/libexif/CVE-2016-6328.patch | |
| parent | 230772b3aed14d14b9438ea9b2283fa28c7ebce5 (diff) | |
| parent | 29e941e719283d2570dc67038722d6ea6c19874e (diff) | |
| download | packages-fdeddc8e9da35c99bae08190a8476dc37ac8e9b8.tar.gz packages-fdeddc8e9da35c99bae08190a8476dc37ac8e9b8.tar.bz2 packages-fdeddc8e9da35c99bae08190a8476dc37ac8e9b8.tar.xz packages-fdeddc8e9da35c99bae08190a8476dc37ac8e9b8.zip | |
Merge branch 'sec/2020.06.02' into 'master'
Security updates for 2020.06.02
See merge request adelie/packages!464
Diffstat (limited to 'user/libexif/CVE-2016-6328.patch')
| -rw-r--r-- | user/libexif/CVE-2016-6328.patch | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/user/libexif/CVE-2016-6328.patch b/user/libexif/CVE-2016-6328.patch deleted file mode 100644 index 0568f27d2..000000000 --- a/user/libexif/CVE-2016-6328.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 -From: Marcus Meissner <marcus@jet.franken.de> -Date: Tue, 25 Jul 2017 23:44:44 +0200 -Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax - makernote entries. - -This should fix: -https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 ---- - libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c -index d03d159..ea0429a 100644 ---- a/libexif/pentax/mnote-pentax-entry.c -+++ b/libexif/pentax/mnote-pentax-entry.c -@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - case EXIF_FORMAT_SHORT: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 2) -+ break; - vs = exif_get_short (data, entry->order); - snprintf (val+len, maxlen-len, "%i ", vs); - len = strlen(val); - data += 2; -+ sizeleft -= 2; - } - } - break; - case EXIF_FORMAT_LONG: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 4) -+ break; - vl = exif_get_long (data, entry->order); - snprintf (val+len, maxlen-len, "%li", (long int) vl); - len = strlen(val); - data += 4; -+ sizeleft -= 4; - } - } - break; -@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - break; - } - -- return (val); -+ return val; - } |