Resolves: CVE-2018-10360 - fix out-of-bounds read via a crafted ELF file

file-5.33-CVE-2018-10360.patch

@@ -0,0 +1,28 @@
+From 8616080aecf07436e80a27f68c336382c1d1c22d Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Sat, 9 Jun 2018 16:00:06 +0000
+Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)
+
+Upstream-commit: a642587a9c9e2dd7feacdf513c3643ce26ad3c22
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/readelf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 3df0836..d96a538 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -825,7 +825,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+ 
+ 				cname = (unsigned char *)
+ 				    &nbuf[doff + prpsoffsets(i)];
+-				for (cp = cname; *cp && isprint(*cp); cp++)
++				for (cp = cname; cp < nbuf + size && *cp
++				    && isprint(*cp); cp++)
+ 					continue;
+ 				/*
+ 				 * Linux apparently appends a space at the end
+-- 
+2.14.4
+

file.spec

@@ -15,7 +15,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.33
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: BSD
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
 
@@ -33,6 +33,9 @@ Patch4: file-5.33-seccomp.patch
 # do not classify shared libraries as pie executables (#1581343)
 Patch5: file-5.33-pie-executable-revert.patch
 
+# fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)
+Patch6: file-5.33-CVE-2018-10360.patch
+
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
@@ -209,6 +212,9 @@ cd %{py3dir}
 %endif
 
 %changelog
+* Wed Jun 13 2018 Kamil Dudka <kdudka@redhat.com> - 5.33-7
+- fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)
+
 * Mon May 28 2018 Kamil Dudka <kdudka@redhat.com> - 5.33-6
 - make file-devel depend on file-libs, instead of file
 - reintroduce file-static subpackage (#1575661)