packages/ghostscript
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!44 fix CVE-2023-28879

Browse Source 
From: @li_ning_jie 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2023-09-04 03:07:05 +00:00 committed by Gitee
commit eff493c4dd
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
CVE-2023-28879.patch Normal file
View File

@ -0,0 +1,41 @@
From 6d6fae79e016629b6c896463f62e7b1a6e651ed6 Mon Sep 17 00:00:00 2001
From: liningjie <liningjie@xfusion.com>
Date: Thu, 24 Aug 2023 11:36:22 +0800
Subject: [PATCH] Bug #706494 "Buffer Overflow in s_xBCPE_process"
As described in detail in the bug report, if the write buffer is filled
to one byte less than full, and we then try to write an escaped
character, we overrun the buffer because we don't check before
writing two bytes to it.
This just checks if we have two bytes before starting to write an
escaped character and exits if we don't (replacing the consumed byte
of the input).
Up for further discussion; why do we even permit a BCP encoding filter
anyway ? I think we should remove this, at least when SAFER is true.
---
base/sbcp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/base/sbcp.c b/base/sbcp.c
index 6b0383c..3b8970f 100644
--- a/base/sbcp.c
+++ b/base/sbcp.c
@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
byte ch = *++p;
if (ch <= 31 && escaped[ch]) {
+ /* Make sure we have space to store two characters in the write buffer,
+ * if we don't then exit without consuming the input character, we'll process
+ * that on the next time round.
+ */
+ if (pw->limit - q < 2) {
+ p--;
+ break;
+ }
if (p == rlimit) {
p--;
break;
--
2.27.0

6
ghostscript.spec
View File

@ -9,7 +9,7 @@
Name: ghostscript Name: ghostscript
Version: 9.52 Version: 9.52
Release: 8 Release: 9
Summary: An interpreter for PostScript and PDF files Summary: An interpreter for PostScript and PDF files
License: AGPLv3+ License: AGPLv3+
URL: https://ghostscript.com/ URL: https://ghostscript.com/
@ -50,6 +50,7 @@ Patch31: backport-Fix-pdfwrite-d-mode-with-file-permissions.patch
Patch32: backport-Coverity-361429-move-break-to-correct-place.patch Patch32: backport-Coverity-361429-move-break-to-correct-place.patch
Patch33: backport-CVE-2021-3781-BUg-704342-Include-device-specifier-strings-in-acces.patch Patch33: backport-CVE-2021-3781-BUg-704342-Include-device-specifier-strings-in-acces.patch
Patch34: CVE-2023-38559.patch Patch34: CVE-2023-38559.patch
Patch35: CVE-2023-28879.patch
BuildRequires: automake gcc BuildRequires: automake gcc
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@ -210,6 +211,9 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
%{_bindir}/dvipdf %{_bindir}/dvipdf
%changelog %changelog
* Thu Aug 24 2023 liningjie <liningjie@xfusion.com> - 9.52-9
- fix CVE-2023-28879
* Tue Aug 15 2023 liningjie <liningjie@xfusion.com> - 9.52-8 * Tue Aug 15 2023 liningjie <liningjie@xfusion.com> - 9.52-8
- Type:CVE - Type:CVE
- ID:CVE-2023-38559 - ID:CVE-2023-38559