Patch for CVE-2020-15365

This commit is contained in:
Gwyn Ciesla 2020-06-29 13:27:05 -05:00
parent 5b3b91134a
commit 3a24defb0f
2 changed files with 59 additions and 1 deletions

View File

@ -0,0 +1,54 @@
From 55f0a0c08974b8b79ebfa7762b555a1704b25fb2 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Tue, 16 Jun 2020 13:17:00 +0300
Subject: [PATCH] possible buffer underrun in exif parser
---
src/metadata/cr3_parser.cpp | 2 +-
src/metadata/exif_gps.cpp | 13 +++++++++----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/metadata/cr3_parser.cpp b/src/metadata/cr3_parser.cpp
index 33983e62..ee209bf3 100644
--- a/src/metadata/cr3_parser.cpp
+++ b/src/metadata/cr3_parser.cpp
@@ -83,7 +83,7 @@ void LibRaw::selectCRXTrack(short maxTrack)
int tiff_idx = -1;
INT64 tpixels = 0;
- for (int i = 0; i < tiff_nifds; i++)
+ for (int i = 0; i < tiff_nifds && i < LIBRAW_IFD_MAXCOUNT; i++)
if (INT64(tiff_ifd[i].t_height) * INT64(tiff_ifd[i].t_height) > tpixels)
{
tpixels = INT64(tiff_ifd[i].t_height) * INT64(tiff_ifd[i].t_height);
diff --git a/src/metadata/exif_gps.cpp b/src/metadata/exif_gps.cpp
index 6fbe1f32..98327969 100644
--- a/src/metadata/exif_gps.cpp
+++ b/src/metadata/exif_gps.cpp
@@ -164,7 +164,9 @@ void LibRaw::parse_exif(int base)
imgdata.lens.EXIF_MaxAp = libraw_powf64l(2.0f, (getreal(type) / 2.0f));
break;
case 0x829a: // 33434
- tiff_ifd[tiff_nifds - 1].t_shutter = shutter = getreal(type);
+ shutter = getreal(type);
+ if (tiff_nifds > 0 && tiff_nifds <= LIBRAW_IFD_MAXCOUNT)
+ tiff_ifd[tiff_nifds - 1].t_shutter = shutter;
break;
case 0x829d: // 33437, FNumber
aperture = getreal(type);
@@ -186,9 +188,12 @@ void LibRaw::parse_exif(int base)
get_timestamp(0);
break;
case 0x9201: // 37377
- if ((expo = -getreal(type)) < 128 && shutter == 0.)
- tiff_ifd[tiff_nifds - 1].t_shutter = shutter =
- libraw_powf64l(2.0, expo);
+ if ((expo = -getreal(type)) < 128 && shutter == 0.)
+ {
+ shutter = libraw_powf64l(2.0, expo);
+ if (tiff_nifds > 0 && tiff_nifds <= LIBRAW_IFD_MAXCOUNT)
+ tiff_ifd[tiff_nifds - 1].t_shutter = shutter;
+ }
break;
case 0x9202: // 37378 ApertureValue
if ((fabs(ape = getreal(type)) < 256.0) && (!aperture))

View File

@ -7,7 +7,7 @@
Summary: Library for reading RAW files obtained from digital photo cameras Summary: Library for reading RAW files obtained from digital photo cameras
Name: LibRaw Name: LibRaw
Version: 0.20 Version: 0.20
Release: 0.beta1%{?dist}.1 Release: 0.beta1%{?dist}.2
License: BSD and (CDDL or LGPLv2) License: BSD and (CDDL or LGPLv2)
URL: http://www.libraw.org URL: http://www.libraw.org
@ -20,6 +20,7 @@ BuildRequires: autoconf automake libtool
#Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz #Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
Source0: http://github.com/LibRaw/LibRaw/archive/%{version}-Beta1.tar.gz Source0: http://github.com/LibRaw/LibRaw/archive/%{version}-Beta1.tar.gz
Patch0: LibRaw-pkgconfig.patch Patch0: LibRaw-pkgconfig.patch
Patch1: 55f0a0c08974b8b79ebfa7762b555a1704b25fb2.patch
Provides: bundled(dcraw) = 9.25 Provides: bundled(dcraw) = 9.25
%description %description
@ -116,6 +117,9 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
%changelog %changelog
* Mon Jun 29 2020 Gwyn Ciesla <gwync@protonmail.com>- 0.20-.beta1.2
- Patch for CVE-2020-15365
* Wed May 13 2020 Kalev Lember <klember@redhat.com> - 0.20-0.beta1.1 * Wed May 13 2020 Kalev Lember <klember@redhat.com> - 0.20-0.beta1.1
- Add back pkgconfig patch lost in the previous commit - Add back pkgconfig patch lost in the previous commit