1454820 - CVE-2017-9208

Zdenek Dohnal 2017-08-03 09:01:44 +02:00
parent 55d486b1d5
commit bfb8fcadbc
2 changed files with 39 additions and 0 deletions


@ -0,0 +1,36 @@
diff -up qpdf-6.0.0/libqpdf/QPDF.cc.CVE-2017-9208 qpdf-6.0.0/libqpdf/QPDF.cc
--- qpdf-6.0.0/libqpdf/QPDF.cc.CVE-2017-9208 2017-08-03 08:53:32.806072781 +0200
+++ qpdf-6.0.0/libqpdf/QPDF.cc 2017-08-03 08:55:39.529073703 +0200
@@ -1340,6 +1340,13 @@ QPDF::readObjectAtOffset(bool try_recove
objid = atoi(tobjid.getValue().c_str());
generation = atoi(tgen.getValue().c_str());
+ if (objid == 0)
+ {
+ throw QPDFExc(qpdf_e_damaged_pdf, this->file->getName(),
+ this->last_object_description, offset,
+ "object with ID 0");
+ }
+
if ((exp_objid >= 0) &&
(! ((objid == exp_objid) && (generation == exp_generation))))
{
diff -up qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc.CVE-2017-9208 qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc
--- qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc.CVE-2017-9208 2015-11-10 18:48:52.000000000 +0100
+++ qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc 2017-08-03 08:54:50.264499428 +0200
@@ -1090,6 +1090,15 @@ QPDFObjectHandle::parseInternal(PointerH
QPDFObjectHandle
QPDFObjectHandle::newIndirect(QPDF* qpdf, int objid, int generation)
{
+ if (objid == 0)
+ {
+ // Special case: QPDF uses objid 0 as a sentinel for direct
+ // objects, and the PDF specification doesn't allow for object
+ // 0. Treat indirect references to object 0 as null so that we
+ // never create an indirect object with objid 0.
+ return newNull();
+ }
+
return QPDFObjectHandle(qpdf, objid, generation);
}
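Review bot: The new guards in `QPDF::readObjectAtOffset` and `QPDFObjectHandle::newIndirect` test only `objid == 0`, so a negative value returned by `atoi` would still be accepted as an object id; whether a signed integer token can reach these points is not visible in the hunks and should be confirmed. If it can, `if (objid <= 0)` in `readObjectAtOffset` (with the message adjusted to `"object with invalid ID"`) rejects the whole range that is never a valid object number. `atoi` also reports no conversion error and is undefined for out-of-range input, so a range-checked conversion ahead of the guard would be the more robust choice. Both function bodies continue outside the hunks shown.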


@ -9,6 +9,7 @@ Source0: http://downloads.sourceforge.net/sourceforge/qpdf/qpdf-%{version}.tar.g
Patch0: qpdf-doc.patch
Patch1: qpdf-6.0.0-detect-recursions.patch
Patch2: qpdf-6.0.0-CVE-2017-9208.patch
BuildRequires: zlib-devel
BuildRequires: pcre-devel
@ -65,6 +66,7 @@ QPDF Manual
# fix 'complete manual location' note in man pages
%patch0 -p1 -b .doc
%patch1 -p1 -b .detect-recursions
%patch2 -p1 -b .CVE-2017-9208
sed -i -e '1s,^#!/usr/bin/env perl,#!/usr/bin/perl,' qpdf/fix-qdf
@ -112,6 +114,7 @@ make check
%changelog
* Thu Aug 03 2017 Zdenek Dohnal <zdohnal@redhat.com> - 6.0.0-4
- 1477213 - Detect recursions loop resolving objects
- 1454820 - CVE-2017-9208
* Wed Aug 03 2016 Jiri Popelka <jpopelka@redhat.com> - 6.0.0-3
- %%{_defaultdocdir}/qpdf/ -> %%{_pkgdocdir}