Fix CVE-2019-6128 (#1667124)

2019-01-30 15:02:10 +01:00 · 2019-01-30 15:02:10 +01:00 · 3e70d60fe1
commit 3e70d60fe1
parent 1a878eb7ba
2 changed files with 55 additions and 1 deletions
--- a/libtiff-CVE-2019-6128.patch
+++ b/libtiff-CVE-2019-6128.patch
@ -0,0 +1,49 @@
+From 99cab41801c37588f67396d836c5b677aba498ce Mon Sep 17 00:00:00 2001
+From: Scott Gayou <github.scott@gmail.com>
+Date: Wed, 23 Jan 2019 15:03:53 -0500
+Subject: [PATCH] Fix for simple memory leak that was assigned CVE-2019-6128.
+
+pal2rgb failed to free memory on a few errors. This was reported
+here: http://bugzilla.maptools.org/show_bug.cgi?id=2836.
+---
+ tools/pal2rgb.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
+index 01d8502..9492f1c 100644
+--- a/tools/pal2rgb.c
+++ b/tools/pal2rgb.c
+@@ -118,12 +118,14 @@ main(int argc, char* argv[])
+ 	    shortv != PHOTOMETRIC_PALETTE) {
+ 		fprintf(stderr, "%s: Expecting a palette image.\n",
+ 		    argv[optind]);
+		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
+ 		fprintf(stderr,
+ 		    "%s: No colormap (not a valid palette image).\n",
+ 		    argv[optind]);
+		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	bitspersample = 0;
+@@ -131,11 +133,14 @@ main(int argc, char* argv[])
+ 	if (bitspersample != 8) {
+ 		fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
+ 		    argv[optind]);
+		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	out = TIFFOpen(argv[optind+1], "w");
+-	if (out == NULL)
+	if (out == NULL) {
+		(void) TIFFClose(in);
+ 		return (-2);
+	}
+ 	cpTags(in, out);
+ 	TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
+ 	TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);
+-- 
+2.17.2
+
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,7 +1,7 @@
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.0.10
-Release:       1%{?dist}
+Release:       2%{?dist}
 License:       libtiff
 URL:           http://www.simplesystems.org/libtiff/

@ -9,6 +9,7 @@ Source:        ftp://ftp.simplesystems.org/pub/libtiff/tiff-%{version}.tar.gz

 Patch0:        libtiff-am-version.patch
 Patch1:        libtiff-make-check.patch
+Patch2:        libtiff-CVE-2019-6128.patch

 BuildRequires: gcc, gcc-c++
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
@ -59,6 +60,7 @@ image files using the libtiff library.

 %patch0 -p1
 %patch1 -p1
+%patch2 -p1

 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
@ -163,6 +165,9 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*

 %changelog
+* Wed Jan 30 2019 Nikola Forró <nforro@redhat.com> - 4.0.10-2
+- Fix CVE-2019-6128 (#1667124)
+
 * Wed Nov 14 2018 Nikola Forró <nforro@redhat.com> - 4.0.10-1
 - New upstream version libtiff-4.0.10