Commit bab0ca74 authored by Natanael Copa's avatar Natanael Copa
Browse files

main/exiv2: backport fix for CVE-2019-17402

fixes #11018
parent f853c4e3
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=exiv2
pkgver=0.26
pkgrel=0
pkgrel=1
pkgdesc="Exif and Iptc metadata manipulation library and tools."
url="http://exiv2.org"
arch="all"
......@@ -14,8 +14,13 @@ subpackages="$pkgname-dev $pkgname-doc"
source="http://www.exiv2.org/builds/exiv2-$pkgver-trunk.tar.gz
0000-pthread-init-fix.patch
0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch
CVE-2019-17402.patch
"
# secfixes:
# 0.26-r1:
# - CVE-2019-17402
builddir="$srcdir"/exiv2-trunk
prepare() {
default_prepare
......@@ -38,4 +43,5 @@ package() {
sha512sums="d1e9cab886e279b045768dd9ec781f07d2d36d573119403d0b76dc571442173aae6972f86ec55c3ea53fb3ee9ca3571eb8fd63a2a6643a970852813e88634a86 exiv2-0.26-trunk.tar.gz
9721d359708c385be7c86a8f8a63de43b05b2578a29b4339861e82873aa81a98a7ee7252847b6c55529341187d40f552c488589b416fd9d1e27418925929c018 0000-pthread-init-fix.patch
485bd340169f69a3ce356e59e9138250cc14592f4477bb73827c799fe465535954469634fc58a1856f690f0e0b4171cba6fdd3391d43c0efc5e89652b93eb3ce 0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch"
485bd340169f69a3ce356e59e9138250cc14592f4477bb73827c799fe465535954469634fc58a1856f690f0e0b4171cba6fdd3391d43c0efc5e89652b93eb3ce 0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch
b408ec85b5aa0fde6e08a277292ebde90f25b31605ba29039464e217c7f249d9ffeebfef9dc187955663d0b02ccafc020c16c4a5342cd38483816a1f9038c2d0 CVE-2019-17402.patch"
From cb2467834d118ae11526f7d24a699799ce5c4912 Mon Sep 17 00:00:00 2001
From: Jens Georg <mail@jensge.org>
Date: Sun, 6 Oct 2019 15:05:20 +0200
Subject: [PATCH 1/2] crwimage: Check offset and size against total size
Corrupted or specially crafted CRW images might exceed the overall
buffersize.
Fixes #1019
(cherry picked from commit 683451567284005cd24e1ccb0a76ca401000968b)
---
src/crwimage.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/crwimage.cpp b/src/crwimage.cpp
index 989c0eb8..a0978aaf 100644
--- a/src/crwimage.cpp
+++ b/src/crwimage.cpp
@@ -448,6 +448,9 @@ namespace Exiv2 {
#ifdef DEBUG
std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
#endif
+ if (this->offset() + this->size() > size)
+ throw Error(26);
+
readDirectory(pData + offset(), this->size(), byteOrder);
#ifdef DEBUG
std::cout << "<---- 0x" << std::hex << tag() << "\n";
--
2.24.1
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment