tiff: Security fix for CVE-2017-7593
(From OE-Core rev: b6ec8ab42befaa07c859a5c5cc14611b821a1304) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
2aed68963f
commit
a2ad903fa9
|
@ -0,0 +1,98 @@
|
|||
From d60332057b9575ada4f264489582b13e30137be1 Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Wed, 11 Jan 2017 19:02:49 +0000
|
||||
Subject: [PATCH] * libtiff/tiffiop.h, tif_unix.c, tif_win32.c, tif_vms.c: add
|
||||
_TIFFcalloc()
|
||||
|
||||
* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
|
||||
initialize tif_rawdata.
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
CVE: CVE-2017-7593
|
||||
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
|
||||
Index: tiff-4.0.7/ChangeLog
|
||||
===================================================================
|
||||
--- tiff-4.0.7.orig/ChangeLog 2017-04-25 19:03:20.584155452 +0530
|
||||
+++ tiff-4.0.7/ChangeLog 2017-04-26 12:09:41.986866896 +0530
|
||||
@@ -44,6 +44,14 @@
|
||||
|
||||
2017-01-11 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
+ * libtiff/tiffiop.h, tif_unix.c, tif_win32.c : add _TIFFcalloc()
|
||||
+
|
||||
+ * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
|
||||
+ initialize tif_rawdata.
|
||||
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
|
||||
+
|
||||
+2017-01-11 Even Rouault <even.rouault at spatialys.com>
|
||||
+
|
||||
* libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
|
||||
avoid UndefinedBehaviorSanitizer warning.
|
||||
Patch by Nicolas Pena.
|
||||
Index: tiff-4.0.7/libtiff/tif_read.c
|
||||
===================================================================
|
||||
--- tiff-4.0.7.orig/libtiff/tif_read.c 2017-04-25 19:03:20.584155452 +0530
|
||||
+++ tiff-4.0.7/libtiff/tif_read.c 2017-04-26 12:11:42.814863729 +0530
|
||||
@@ -986,7 +986,9 @@
|
||||
"Invalid buffer size");
|
||||
return (0);
|
||||
}
|
||||
- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
|
||||
+ /* Initialize to zero to avoid uninitialized buffers in case of */
|
||||
+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
|
||||
+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
|
||||
tif->tif_flags |= TIFF_MYBUFFER;
|
||||
}
|
||||
if (tif->tif_rawdata == NULL) {
|
||||
Index: tiff-4.0.7/libtiff/tif_unix.c
|
||||
===================================================================
|
||||
--- tiff-4.0.7.orig/libtiff/tif_unix.c 2015-08-29 03:46:22.707817041 +0530
|
||||
+++ tiff-4.0.7/libtiff/tif_unix.c 2017-04-26 12:13:07.442861510 +0530
|
||||
@@ -316,6 +316,14 @@
|
||||
return (malloc((size_t) s));
|
||||
}
|
||||
|
||||
+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
|
||||
+{
|
||||
+ if( nmemb == 0 || siz == 0 )
|
||||
+ return ((void *) NULL);
|
||||
+
|
||||
+ return calloc((size_t) nmemb, (size_t)siz);
|
||||
+}
|
||||
+
|
||||
void
|
||||
_TIFFfree(void* p)
|
||||
{
|
||||
Index: tiff-4.0.7/libtiff/tif_win32.c
|
||||
===================================================================
|
||||
--- tiff-4.0.7.orig/libtiff/tif_win32.c 2015-08-29 03:46:22.730570169 +0530
|
||||
+++ tiff-4.0.7/libtiff/tif_win32.c 2017-04-26 12:14:12.918859794 +0530
|
||||
@@ -360,6 +360,14 @@
|
||||
return (malloc((size_t) s));
|
||||
}
|
||||
|
||||
+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
|
||||
+{
|
||||
+ if( nmemb == 0 || siz == 0 )
|
||||
+ return ((void *) NULL);
|
||||
+
|
||||
+ return calloc((size_t) nmemb, (size_t)siz);
|
||||
+}
|
||||
+
|
||||
void
|
||||
_TIFFfree(void* p)
|
||||
{
|
||||
Index: tiff-4.0.7/libtiff/tiffio.h
|
||||
===================================================================
|
||||
--- tiff-4.0.7.orig/libtiff/tiffio.h 2016-01-24 21:09:51.894442042 +0530
|
||||
+++ tiff-4.0.7/libtiff/tiffio.h 2017-04-26 12:15:55.034857117 +0530
|
||||
@@ -293,6 +293,7 @@
|
||||
*/
|
||||
|
||||
extern void* _TIFFmalloc(tmsize_t s);
|
||||
+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
|
||||
extern void* _TIFFrealloc(void* p, tmsize_t s);
|
||||
extern void _TIFFmemset(void* p, int v, tmsize_t c);
|
||||
extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
|
|
@ -26,6 +26,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
|
|||
file://CVE-2017-7598.patch \
|
||||
file://CVE-2017-7601.patch \
|
||||
file://CVE-2017-7602.patch \
|
||||
file://CVE-2017-7593.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b"
|
||||
|
|
Loading…
Reference in New Issue