Patch for CVE-2020-24890.
parent
1d4e620148
commit
4241ce166c
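--- a/78d323ecbe6a9752aee6e97118a76d40704d73ee.patch
+++ b/78d323ecbe6a9752aee6e97118a76d40704d73ee.patch
@@ -0,0 +1,97 @@
+From 78d323ecbe6a9752aee6e97118a76d40704d73ee Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Thu, 20 Aug 2020 15:24:40 +0300
+Subject: [PATCH] Additional checks in hassy model parser
+
+---
+src/metadata/hasselblad_model.cpp | 39 ++++++++++++++++++++-----------
+1 file changed, 26 insertions(+), 13 deletions(-)
+
+diff --git a/src/metadata/hasselblad_model.cpp b/src/metadata/hasselblad_model.cpp
+index 979f56c6..f1cd0d6d 100644
+--- a/src/metadata/hasselblad_model.cpp
++++ b/src/metadata/hasselblad_model.cpp
+@@ -93,7 +93,7 @@ static const char *Hasselblad_SensorEnclosures[] = {
+int norm_model_isSet = 0;
+
+if (model[0] == ' ')
+- memmove(model, model+1, strlen(model));
++ memmove(model, model+1, MIN(sizeof(model)-1,strlen(model)));
+
+if (!imHassy.format) {
+if (dng_version) {
+@@ -116,49 +116,62 @@ static const char *Hasselblad_SensorEnclosures[] = {
+memmove(imHassy.SensorUnitConnector, imHassy.SensorUnitConnector+11, 64-11);
+
+if (imHassy.format == LIBRAW_HF_AdobeDNG) { // Adobe DNG, use LocalizedCameraModel
++ imgdata.color.LocalizedCameraModel[63] = 0; // make sure 0-termination
+if ((ps = strrchr(imgdata.color.LocalizedCameraModel, '-')))
+c = ps-imgdata.color.LocalizedCameraModel;
+else c = strlen(imgdata.color.LocalizedCameraModel);
+- memcpy(tmp_model, imgdata.color.LocalizedCameraModel, c);
+- tmp_model[c] = 0;
++ int cc = MIN(c, sizeof(tmp_model)-1);
++ memcpy(tmp_model, imgdata.color.LocalizedCameraModel,cc);
++ tmp_model[cc] = 0;
+if (strcasestr(imgdata.color.UniqueCameraModel, "coated")) {
+- strcpy(normalized_model, imgdata.color.UniqueCameraModel);
++ strncpy(normalized_model, imgdata.color.UniqueCameraModel,sizeof(imgdata.color.UniqueCameraModel)-1);
++ normalized_model[sizeof(imgdata.color.UniqueCameraModel) - 1] = 0;
+norm_model_isSet = 1;
+}
+if (!strncmp(normalized_model, "Hasselblad ", 11))
+memmove(normalized_model, normalized_model+11, 64-11);
+- } else
+- strcpy(tmp_model, imgdata.color.UniqueCameraModel);
++ }
++ else
++ {
++ strncpy(tmp_model, imgdata.color.UniqueCameraModel, sizeof(imgdata.color.UniqueCameraModel) - 1);
++ tmp_model[63] = 0;
++ }
+if (!strncasecmp(tmp_model, "Hasselblad ", 11))
+memmove(tmp_model, tmp_model+11, 64-11);
+
+// check if model tag contains manual CaptureSequenceInitiator info:
+- strcpy(imHassy.CaptureSequenceInitiator, model);
++ strncpy(imHassy.CaptureSequenceInitiator, model,31);
++ imHassy.CaptureSequenceInitiator[31] = 0;
+FORC(int(sizeof Hasselblad_Ctrl / sizeof *Hasselblad_Ctrl)) {
+if (strcasestr(model, Hasselblad_Ctrl[c])) {
+// yes, fill 'model' with sensor unit data
+- strcpy(model, tmp_model);
++ strncpy(model, tmp_model,63);
++ model[63] = 0;
+break;
+}
+}
+
+ps = strchr(model, '-');
+if (ps) { // check if model contains both host body and sensor version, resolution, MS info
+- strcpy(imHassy.SensorUnit, model);
++ strncpy(imHassy.SensorUnit, model,63);
+memcpy(imHassy.HostBody, model, ps-model);
+imHassy.HostBody[ps-model] = 0;
+if (!strncmp(ps-2, "II-", 3))
+ps -=2;
+- strcpy(imHassy.Sensor, ps);
++ strncpy(imHassy.Sensor, ps,7);
++ imHassy.Sensor[7] = 0;
+add_MP_toName = 0;
+} else { // model contains host body only
+- strcpy(imHassy.HostBody, model);
++ strncpy(imHassy.HostBody, model,63);
++ imHassy.HostBody[63] = 0;
+// fill 'model' with sensor unit data
+- strcpy(model, tmp_model);
++ strncpy(model, tmp_model,63);
++ model[63] = 0;
+}
+
+if (!strncmp(model, "503CWD", 6)) {
+- strcpy(imHassy.HostBody, model);
++ strncpy(imHassy.HostBody, model,63);
++ imHassy.HostBody[63] = 0;
+ilm.CameraFormat = LIBRAW_FORMAT_66;
+ilm.CameraMount = LIBRAW_MOUNT_Hasselblad_V;
+if (model[6] == 'I' && model[7] == 'I')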
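Review bot: In the `if (ps)` branch of the second hunk of the carried patch, `strncpy(imHassy.SensorUnit, model,63);` is the only bounded copy added with no terminator write after it, so SensorUnit stays unterminated when `model` holds 63 or more characters unless the struct is zeroed beforehand (not visible in the hunk); it should be followed by `imHassy.SensorUnit[63] = 0;` like its siblings. The unchanged `if (!strncmp(ps-2, "II-", 3))` just below still reads before the start of `model` when the '-' found by `strchr` is its first or second character, and `if (ps - model >= 2 && !strncmp(ps-2, "II-", 3))` would bound that. The two copies out of `imgdata.color.UniqueCameraModel` are limited by the source's `sizeof`, not by `normalized_model` or `tmp_model`, which is safe only if those buffers are at least as large; their declarations, like the rest of the function, lie outside the hunks.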
@ -7,7 +7,7 @@
|
|||||||
Summary: Library for reading RAW files obtained from digital photo cameras
|
Summary: Library for reading RAW files obtained from digital photo cameras
|
||||||
Name: LibRaw
|
Name: LibRaw
|
||||||
Version: 0.20.0
|
Version: 0.20.0
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: BSD and (CDDL or LGPLv2)
|
License: BSD and (CDDL or LGPLv2)
|
||||||
URL: http://www.libraw.org
|
URL: http://www.libraw.org
|
||||||
|
|
||||||
@ -20,6 +20,8 @@ BuildRequires: autoconf automake libtool
|
|||||||
#Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
|
#Source0: http://www.libraw.org/data/%{name}-%{version}.tar.gz
|
||||||
Source0: http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz
|
Source0: http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz
|
||||||
Patch0: LibRaw-pkgconfig.patch
|
Patch0: LibRaw-pkgconfig.patch
|
||||||
|
# For CVE-2020-24890
|
||||||
|
Patch1: 78d323ecbe6a9752aee6e97118a76d40704d73ee.patch
|
||||||
Provides: bundled(dcraw) = 9.25
|
Provides: bundled(dcraw) = 9.25
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -114,6 +116,9 @@ rm -fv %{buildroot}%{_libdir}/lib*.la
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 24 2020 Gwyn Ciesla <gwync@protonmail.com> - 0.20.0-3
|
||||||
|
- Patch for CVE-2020-24890.
|
||||||
|
|
||||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.20.0-2
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.20.0-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
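Review bot: Nothing in this spec section touches %prep, so whether `Patch1` is actually applied at build time depends on how %prep handles patches, which is outside the hunks shown. If it applies them one by one (a `%patch0` line), a matching `%patch1 -p1` is needed; otherwise 0.20.0-3 would carry a changelog entry for CVE-2020-24890 while building unpatched source. The `# For CVE-2020-24890` comment could also name the origin, e.g. `# Upstream LibRaw commit 78d323ecbe6a9752aee6e97118a76d40704d73ee`, so a later audit can match the carried file against upstream.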