Fix CVE-2021-32142
This commit is contained in:
starlet-dx
parent
bf4e625f59
commit
35c14b7096
37
CVE-2021-32142.patch
Normal file
37
CVE-2021-32142.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 Mon Sep 17 00:00:00 2001
|
||||
From: Alex Tutubalin <lexa@lexa.ru>
|
||||
Date: Mon, 12 Apr 2021 13:21:52 +0300
|
||||
Subject: [PATCH] check for input buffer size on datastream::gets
|
||||
|
||||
---
|
||||
src/libraw_datastream.cpp | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
|
||||
index a5c1a84a..a31ae9dd 100644
|
||||
--- a/src/libraw_datastream.cpp
|
||||
+++ b/src/libraw_datastream.cpp
|
||||
@@ -287,6 +287,7 @@ INT64 LibRaw_file_datastream::tell()
|
||||
|
||||
char *LibRaw_file_datastream::gets(char *str, int sz)
|
||||
{
|
||||
+ if(sz<1) return NULL;
|
||||
LR_STREAM_CHK();
|
||||
std::istream is(f.get());
|
||||
is.getline(str, sz);
|
||||
@@ -421,6 +422,7 @@ INT64 LibRaw_buffer_datastream::tell()
|
||||
|
||||
char *LibRaw_buffer_datastream::gets(char *s, int sz)
|
||||
{
|
||||
+ if(sz<1) return NULL;
|
||||
unsigned char *psrc, *pdest, *str;
|
||||
str = (unsigned char *)s;
|
||||
psrc = buf + streampos;
|
||||
@@ -618,6 +620,7 @@ INT64 LibRaw_bigfile_datastream::tell()
|
||||
|
||||
char *LibRaw_bigfile_datastream::gets(char *str, int sz)
|
||||
{
|
||||
+ if(sz<1) return NULL;
|
||||
LR_BF_CHK();
|
||||
return fgets(str, sz, f);
|
||||
}
|
||||
@ -1,6 +1,6 @@
|
||||
Name: LibRaw
|
||||
Version: 0.20.2
|
||||
Release: 5
|
||||
Release: 6
|
||||
Summary: Library for reading RAW files obtained from digital photo cameras
|
||||
License: BSD and (CDDL-1.0 or LGPLv2)
|
||||
URL: http://www.libraw.org
|
||||
@ -9,6 +9,8 @@ Patch0000: prevent-buffer-overrun-in-parse_rollei.patch
|
||||
Patch0001: fix-stack-buffer-overflow-in-LibRaw_buffer_datastream_gets.patch
|
||||
Patch0002: fix-use-of-uninitialized-value.patch
|
||||
Patch0003: CVE-2023-1729.patch
|
||||
# https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49
|
||||
Patch0004: CVE-2021-32142.patch
|
||||
BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg)
|
||||
BuildRequires: autoconf automake libtool
|
||||
Provides: bundled(dcraw) = 9.25
|
||||
@ -69,6 +71,9 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o
|
||||
%exclude %{_docdir}/libraw/*
|
||||
|
||||
%changelog
|
||||
* Tue Mar 26 2024 yaoxin <yao_xin001@hoperun.com> - 0.20.2-6
|
||||
- Fix CVE-2021-32142
|
||||
|
||||
* Mon May 15 2023 yaoxin <yao_xin001@hoperun.com> - 0.20.2-5
|
||||
- Fix CVE-2023-1729
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user