rpms/libexif
5
0
Fork 0
Code Issues Pull Requests Releases Activity

fix CVE-2007-6351 and CVE-2007-6352

Browse Source
This commit is contained in:
Matthias Clasen 2007-12-16 04:03:49 +00:00
parent 17b1ff9fcf
commit 3a16cdcbef
3 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cve-2007-6351.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 libexif-0.6.13/libexif/exif-loader.c
--- libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 2007-12-15 22:16:06.000000000 -0500
+++ libexif-0.6.13/libexif/exif-loader.c 2007-12-15 22:16:42.000000000 -0500
@@ -173,6 +173,9 @@ exif_loader_write (ExifLoader *eld, unsi
break;
}
+ if (!len)
+ return 1;
+
exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
"Scanning %i byte(s) of data...", len);

16
cve-2007-6352.patch Normal file
View File

@ -0,0 +1,16 @@
diff -up libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 libexif-0.6.13/libexif/exif-data.c
--- libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 2007-12-15 22:06:15.000000000 -0500
+++ libexif-0.6.13/libexif/exif-data.c 2007-12-15 22:07:27.000000000 -0500
@@ -285,10 +285,9 @@ static void
exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
unsigned int ds, ExifLong offset, ExifLong size)
{
- if (ds < offset + size) {
+ if ((ds < offset + size) || (offset < 0) || (size < 0) || (offset + size < offset)) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
- "Bogus thumbnail offset and size: %i < %i + %i.",
- (int) ds, (int) offset, (int) size);
+ "Bogus thumbnail offset and size");
return;
}
if (data->data)

11
libexif.spec
View File

@ -1,13 +1,15 @@
Summary: Library for extracting extra information from image files Summary: Library for extracting extra information from image files
Name: libexif Name: libexif
Version: 0.6.15 Version: 0.6.15
Release: 4%{?dist} Release: 5%{?dist}
Group: System Environment/Libraries Group: System Environment/Libraries
License: LGPLv2+ License: LGPLv2+
URL: http://libexif.sourceforge.net/ URL: http://libexif.sourceforge.net/
Source0: libexif-%{version}.tar.bz2 Source0: libexif-%{version}.tar.bz2
Source1: libexif-docs.tar.gz Source1: libexif-docs.tar.gz
Patch0: libexif-cve-2007-4168.patch Patch0: libexif-cve-2007-4168.patch
Patch1: cve-2007-6351.patch
Patch2: cve-2007-6352.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: doxygen BuildRequires: doxygen
@ -29,6 +31,9 @@ for writing programs that use libexif.
%prep %prep
%setup -q %setup -q
%patch0 -p1 -b .cve-2007-4168 %patch0 -p1 -b .cve-2007-4168
%patch1 -p1 -b .cve-2007-6351
%patch2 -p1 -b .cve-2007-6352
# to avoid multilib conflicts, we toss in pre-generated docs # to avoid multilib conflicts, we toss in pre-generated docs
# and neuter make all in the docs dir # and neuter make all in the docs dir
tar xzf %{SOURCE1} tar xzf %{SOURCE1}
@ -67,6 +72,10 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/pkgconfig/libexif.pc %{_libdir}/pkgconfig/libexif.pc
%changelog %changelog
* Sat Dec 15 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-5
- Add patch for CVE-2007-6351. Fixes bug #425641
- Add patch for CVE-2007-6352. Fixes bug #425641
* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 0.6.15-4 * Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 0.6.15-4
- Rebuild for selinux ppc32 issue. - Rebuild for selinux ppc32 issue.