fix #1155464 - fix for CVE-2014-3710

file-5.20-CVE-2014-3710.patch

@@ -0,0 +1,28 @@
+From 39c7ac1106be844a5296d3eb5971946cc09ffda0 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Fri, 17 Oct 2014 15:49:00 +0000
+Subject: [PATCH] Fix note bounds reading, Francisco Alonso / Red Hat
+
+---
+ ChangeLog     | 4 ++++
+ src/readelf.c | 9 ++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 08f81f5..9ebdebd 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
+ 	uint32_t namesz, descsz;
+ 	unsigned char *nbuf = CAST(unsigned char *, vbuf);
+ 
++	if (xnh_sizeof + offset > size) {
++		/*
++		 * We're out of note headers.
++		 */
++		return xnh_sizeof + offset;
++	}
++
+ 	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
+ 	offset += xnh_sizeof;
+ 

file.spec

@@ -4,7 +4,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.19
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: BSD
 Group: Applications/File
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -24,6 +24,7 @@ Patch11: file-5.19-locale-archive.patch
 Patch12: file-5.19-msooxml.patch
 Patch13: file-5.19-python-3.4.patch
 Patch14: file-5.19-cafebabe.patch
+Patch15: file-5.20-CVE-2014-3710.patch
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
@@ -98,6 +99,7 @@ file(1) command.
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
 
 # Patches can generate *.orig files, which can't stay in the magic dir,
 # otherwise there will be problems with compiling magic file!
@@ -206,6 +208,9 @@ cd %{py3dir}
 %endif
 
 %changelog
+* Thu Oct 23 2014 Jan Kaluza <jkaluza@redhat.com> - 5.19-7
+- fix #1155464 - fix for CVE-2014-3710
+
 * Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 5.19-6
 - fix #1134580 - detect Mach-O universal binary