diff options
| author | Max Rees <maxcrees@me.com> | 2020-06-10 12:08:13 -0500 |
|---|---|---|
| committer | Max Rees <maxcrees@me.com> | 2020-06-10 17:10:38 -0500 |
| commit | ddb2347a2da3758bfd6bc10dabf5e636c638626a (patch) | |
| tree | bcc7bbfeda6e155b8238b16b3cc0caf82e68e967 /user/libexif/CVE-2016-6328.patch | |
| parent | ecbcfd73ac4ced9aff3683017b45536c7a5ebdc6 (diff) | |
| download | packages-ddb2347a2da3758bfd6bc10dabf5e636c638626a.tar.gz packages-ddb2347a2da3758bfd6bc10dabf5e636c638626a.tar.bz2 packages-ddb2347a2da3758bfd6bc10dabf5e636c638626a.tar.xz packages-ddb2347a2da3758bfd6bc10dabf5e636c638626a.zip | |
user/libexif: [CVE] bump to 0.6.22 (#285)
Upstream is now on GitHub according to the old SF page: "Development
has moved to https://github.com/libexif/"
Diffstat (limited to 'user/libexif/CVE-2016-6328.patch')
| -rw-r--r-- | user/libexif/CVE-2016-6328.patch | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/user/libexif/CVE-2016-6328.patch b/user/libexif/CVE-2016-6328.patch deleted file mode 100644 index 0568f27d2..000000000 --- a/user/libexif/CVE-2016-6328.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 -From: Marcus Meissner <marcus@jet.franken.de> -Date: Tue, 25 Jul 2017 23:44:44 +0200 -Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax - makernote entries. - -This should fix: -https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 ---- - libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c -index d03d159..ea0429a 100644 ---- a/libexif/pentax/mnote-pentax-entry.c -+++ b/libexif/pentax/mnote-pentax-entry.c -@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - case EXIF_FORMAT_SHORT: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 2) -+ break; - vs = exif_get_short (data, entry->order); - snprintf (val+len, maxlen-len, "%i ", vs); - len = strlen(val); - data += 2; -+ sizeleft -= 2; - } - } - break; - case EXIF_FORMAT_LONG: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 4) -+ break; - vl = exif_get_long (data, entry->order); - snprintf (val+len, maxlen-len, "%li", (long int) vl); - len = strlen(val); - data += 4; -+ sizeleft -= 4; - } - } - break; -@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - break; - } - -- return (val); -+ return val; - } |