Fix CVE-2019-6128 (#1667124)
		
							parent
							
								
									1a878eb7ba
								
							
						
					
					
						commit
						3e70d60fe1
					
				
							
								
								
									
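--- /dev/null
+++ b/libtiff-CVE-2019-6128.patch
@@ -0,0 +1,49 @@
+From 99cab41801c37588f67396d836c5b677aba498ce Mon Sep 17 00:00:00 2001
+From: Scott Gayou <github.scott@gmail.com>
+Date: Wed, 23 Jan 2019 15:03:53 -0500
+Subject: [PATCH] Fix for simple memory leak that was assigned CVE-2019-6128.
+
+pal2rgb failed to free memory on a few errors. This was reported
+here: http://bugzilla.maptools.org/show_bug.cgi?id=2836.
+---
+ tools/pal2rgb.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
+index 01d8502..9492f1c 100644
+--- a/tools/pal2rgb.c
++++ b/tools/pal2rgb.c
+@@ -118,12 +118,14 @@ main(int argc, char* argv[])
+ 	    shortv != PHOTOMETRIC_PALETTE) {
+ 		fprintf(stderr, "%s: Expecting a palette image.\n",
+ 		    argv[optind]);
++		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
+ 		fprintf(stderr,
+ 		    "%s: No colormap (not a valid palette image).\n",
+ 		    argv[optind]);
++		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	bitspersample = 0;
+@@ -131,11 +133,14 @@ main(int argc, char* argv[])
+ 	if (bitspersample != 8) {
+ 		fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
+ 		    argv[optind]);
++		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	out = TIFFOpen(argv[optind+1], "w");
+-	if (out == NULL)
++	if (out == NULL) {
++		(void) TIFFClose(in);
+ 		return (-2);
++	}
+ 	cpTags(in, out);
+ 	TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
+ 	TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);
+-- 
+2.17.2
+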
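Review bot: The four error exits in `main` of tools/pal2rgb.c each repeat `(void) TIFFClose(in);` before their `return`, so the next error path added to this function can reintroduce the same leak. A single cleanup label would keep the close in one place: replace each pair with `rc = -1; goto done;` (`rc = -2;` for the failed `TIFFOpen`) and end the function with `done: (void) TIFFClose(in); return (rc);`, with `rc` set to 0 on the success path. `main` begins before the first hunk and continues past the second, so whether the exits after `cpTags(in, out)` also close `in` and `out` cannot be confirmed from this patch and should be checked in the full file. The context lines also show the `TIFFGetField` calls for `TIFFTAG_IMAGEWIDTH` and `TIFFTAG_IMAGELENGTH` with their return values ignored; if nothing later validates `imagewidth` and `imagelength`, a file missing those tags would be processed with whatever those variables held.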
| @ -1,7 +1,7 @@ | ||||
| Summary:       Library of functions for manipulating TIFF format image files | ||||
| Name:          libtiff | ||||
| Version:       4.0.10 | ||||
| Release:       1%{?dist} | ||||
| Release:       2%{?dist} | ||||
| License:       libtiff | ||||
| URL:           http://www.simplesystems.org/libtiff/ | ||||
| 
 | ||||
| @ -9,6 +9,7 @@ Source:        ftp://ftp.simplesystems.org/pub/libtiff/tiff-%{version}.tar.gz | ||||
| 
 | ||||
| Patch0:        libtiff-am-version.patch | ||||
| Patch1:        libtiff-make-check.patch | ||||
| Patch2:        libtiff-CVE-2019-6128.patch | ||||
| 
 | ||||
| BuildRequires: gcc, gcc-c++ | ||||
| BuildRequires: zlib-devel libjpeg-devel jbigkit-devel | ||||
| @ -59,6 +60,7 @@ image files using the libtiff library. | ||||
| 
 | ||||
| %patch0 -p1 | ||||
| %patch1 -p1 | ||||
| %patch2 -p1 | ||||
| 
 | ||||
| # Use build system's libtool.m4, not the one in the package. | ||||
| rm -f libtool.m4 | ||||
| @ -163,6 +165,9 @@ find html -name 'Makefile*' | xargs rm | ||||
| %{_mandir}/man1/* | ||||
| 
 | ||||
| %changelog | ||||
| * Wed Jan 30 2019 Nikola Forró <nforro@redhat.com> - 4.0.10-2 | ||||
| - Fix CVE-2019-6128 (#1667124) | ||||
| 
 | ||||
| * Wed Nov 14 2018 Nikola Forró <nforro@redhat.com> - 4.0.10-1 | ||||
| - New upstream version libtiff-4.0.10 | ||||
| 
 | ||||
|  | ||||