libtiff/SOURCES/0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch

31 lines
1.0 KiB
Diff

From b57347d203cf577a3abb02cb62aee84b82903fcf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Mu=C5=BEila?= <mmuzila@redhat.com>
Date: Thu, 23 Nov 2023 11:05:35 +0100
Subject: [PATCH] (CVE-2023-6228) Merge branch
'fix_606_tiffcp_check_also_input_compression_codec' into 'master'
tiffcp: Fixes #606. Check also codec of input image, not only from output image.
Closes #606
See merge request libtiff/libtiff!533
(cherry picked from commit 668d2c1a52fa48658bbf69615924b42b5a059f9e)
---
tools/tiffcp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
index 07ed0ebc..9973dd4e 100644
--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
@@ -732,6 +732,8 @@ tiffcp(TIFF* in, TIFF* out)
if( !TIFFIsCODECConfigured(compression) )
return FALSE;
TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
+ if (!TIFFIsCODECConfigured(input_compression))
+ return FALSE;
TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
if (input_compression == COMPRESSION_JPEG) {
/* Force conversion to RGB */