Add upstream post-0.32.3 commit which appears to fix crash/DoS.

2018-03-13 13:18:30 +00:00 · 2018-03-13 13:18:30 +00:00 · 797550228a
commit 797550228a
parent 0af5872673
2 changed files with 95 additions and 0 deletions
--- a/0001-wrestool-Fix-get_resource_id_quoted-to-return-heap-a.patch
+++ b/0001-wrestool-Fix-get_resource_id_quoted-to-return-heap-a.patch
@ -0,0 +1,86 @@
+From d72956a6de228c91d1fc48fd15448fadea9ab6cf Mon Sep 17 00:00:00 2001
+From: Frank Richter <frank.richter@gmail.com>
+Date: Sat, 10 Mar 2018 14:08:37 +0100
+Subject: [PATCH] wrestool: Fix get_resource_id_quoted() to return
+ heap-allocated string
+
+---
+ NEWS                |  4 ++++
+ wrestool/restable.c | 21 +++++++++++++--------
+ 2 files changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 414bec4..086f8dc 100644
+--- a/NEWS
+++ b/NEWS
+@@ -1,3 +1,7 @@
+2018-??-??:
+  wrestool: Fix get_resource_id_quoted() to return heap-allocated string.
+   Found by Jonathan Liu.
+
+ 2018-03-07: icoutils 0.32.3 released.
+   Fixed a segfault. (Martin Gieseking, Savannah bug 52319)
+   Updated Gnulib stuff.
+diff --git a/wrestool/restable.c b/wrestool/restable.c
+index 0d47d94..4d99687 100644
+--- a/wrestool/restable.c
+++ b/wrestool/restable.c
+@@ -23,6 +23,7 @@
+ #define N_(s) gettext_noop(s)
+ #include "common/intutil.h"
+ #include "xalloc.h"		/* Gnulib */
+#include "xvasprintf.h"	/* Gnulib */
+ #include "minmax.h"		/* Gnulib */
+ #include "common/error.h"
+ #include "wrestool.h"
+@@ -125,6 +126,7 @@ print_resources_callback (WinLibrary *fi, WinResource *wr,
+     const char *type, *offset;
+     int32_t id;
+     size_t size;
+    char *type_quoted, *name_quoted, *lang_quoted;
+ 
+     /* get named resource type if possible */
+     type = NULL;
+@@ -136,28 +138,31 @@ print_resources_callback (WinLibrary *fi, WinResource *wr,
+     if (offset == NULL)
+         return;
+ 
+    type_quoted = get_resource_id_quoted(type_wr);
+    name_quoted = get_resource_id_quoted(name_wr);
+    lang_quoted = get_resource_id_quoted(lang_wr);
+     printf(_("--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%zu]\n"),
+-      get_resource_id_quoted(type_wr),
+-      get_resource_id_quoted(name_wr),
+      type_quoted,
+      name_quoted,
+       (lang_wr->id[0] != '\0' ? _(" --language=") : ""),
+-      get_resource_id_quoted(lang_wr),
+      lang_quoted,
+       (type != NULL ? "type=" : ""),
+       (type != NULL ? type : ""),
+       (type != NULL ? " " : ""),
+       (uint32_t) (offset - fi->memory), size);
+    free(type_quoted);
+    free(name_quoted);
+    free(lang_quoted);
+ }
+ 
+ /* return the resource id quoted if it's a string, otherwise just return it */
+ static char *
+ get_resource_id_quoted (WinResource *wr)
+ {
+-    static char tmp[WINRES_ID_MAXLEN+2];
+-
+     if (wr->numeric_id || wr->id[0] == '\0')
+-        return wr->id;
+        return xstrdup(wr->id);
+ 
+-    sprintf(tmp, "'%s'", wr->id);
+-    return tmp;
+    return xasprintf("'%s'", wr->id);
+ }
+ 
+ static bool
+-- 
+2.13.2
+
--- a/icoutils.spec
+++ b/icoutils.spec
@ -7,6 +7,10 @@ License:        GPLv3+
 URL:            http://www.nongnu.org/icoutils/
 Source0:        http://savannah.nongnu.org/download/%{name}/%{name}-%{version}.tar.bz2

+# Possible security fix, at minimum it's a DoS.
+# Upstream commit d72956a6de228c91d1fc48fd15448fadea9ab6cf
+Patch1:         0001-wrestool-Fix-get_resource_id_quoted-to-return-heap-a.patch
+
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  gcc
@ -25,6 +29,8 @@ libraries.
 %prep
 %setup -q

+%patch1 -p1
+
 autoreconf -i

 for f in AUTHORS NEWS; do
@ -53,6 +59,9 @@ make install DESTDIR=%{buildroot}


 %changelog
+* Tue Mar 13 2018 Richard W.M. Jones <rjones@redhat.com> - 0.32.3-2
+- Add upstream post-0.32.3 commit which appears to fix crash/DoS.
+
 * Mon Mar 12 2018 Martin Gieseking <martin.gieseking@uos.de> - 0.32.3-1
 - Updated to version 0.32.3.
 - Dropped patch to fix https://savannah.nongnu.org/bugs/?52319 (applied upstream)