mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
fabd0327d1
patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz: Rebuilt.
This update fixes security issues:
A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
gets(char*, int), which could lead to privilege escalation or application
crash.
A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
application crash by maliciously crafted input file.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-32142
https://www.cve.org/CVERecord?id=CVE-2023-1729
(* Security fix *)
37 lines
1.1 KiB
Diff
37 lines
1.1 KiB
Diff
From bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 Mon Sep 17 00:00:00 2001
|
|
From: Alex Tutubalin <lexa@lexa.ru>
|
|
Date: Mon, 12 Apr 2021 13:21:52 +0300
|
|
Subject: [PATCH] check for input buffer size on datastream::gets
|
|
|
|
---
|
|
src/libraw_datastream.cpp | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
|
|
index a5c1a84a..a31ae9dd 100644
|
|
--- a/src/libraw_datastream.cpp
|
|
+++ b/src/libraw_datastream.cpp
|
|
@@ -287,6 +287,7 @@ INT64 LibRaw_file_datastream::tell()
|
|
|
|
char *LibRaw_file_datastream::gets(char *str, int sz)
|
|
{
|
|
+ if(sz<1) return NULL;
|
|
LR_STREAM_CHK();
|
|
std::istream is(f.get());
|
|
is.getline(str, sz);
|
|
@@ -421,6 +422,7 @@ INT64 LibRaw_buffer_datastream::tell()
|
|
|
|
char *LibRaw_buffer_datastream::gets(char *s, int sz)
|
|
{
|
|
+ if(sz<1) return NULL;
|
|
unsigned char *psrc, *pdest, *str;
|
|
str = (unsigned char *)s;
|
|
psrc = buf + streampos;
|
|
@@ -618,6 +620,7 @@ INT64 LibRaw_bigfile_datastream::tell()
|
|
|
|
char *LibRaw_bigfile_datastream::gets(char *str, int sz)
|
|
{
|
|
+ if(sz<1) return NULL;
|
|
LR_BF_CHK();
|
|
return fgets(str, sz, f);
|
|
}
|