diff options
author | Ross Burton <ross@burtonini.com> | 2022-01-25 17:58:25 +0000 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2022-02-04 11:16:41 +0800 |
commit | 2948fdb7df4eb5824a06c1d73c6c70b3bcbb9448 (patch) | |
tree | 3a57147ce780e6279daccc447b897a3509aababf /meta/recipes-multimedia/libtiff | |
parent | 18a43fe970b691250fbf48f39ed5f4f7ad121b75 (diff) | |
download | openembedded-core-contrib-2948fdb7df4eb5824a06c1d73c6c70b3bcbb9448.tar.gz |
tiff: backport fix for CVE-2022-22844
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit daf2880b7431aa641e02ebba8cbca40d81389088)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-multimedia/libtiff')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch | 43 | ||||
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 3 |
2 files changed, 45 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch b/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch new file mode 100644 index 0000000000..72776f09ba --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch @@ -0,0 +1,43 @@ +CVE: CVE-2022-22844 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001 +From: 4ugustus <wangdw.augustus@qq.com> +Date: Tue, 25 Jan 2022 16:25:28 +0000 +Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where + count is required (fixes #355) + +--- + tools/tiffset.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/tools/tiffset.c b/tools/tiffset.c +index 8c9e23c5..e7a88c09 100644 +--- a/tools/tiffset.c ++++ b/tools/tiffset.c +@@ -146,9 +146,19 @@ main(int argc, char* argv[]) + + arg_index++; + if (TIFFFieldDataType(fip) == TIFF_ASCII) { +- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1) +- fprintf( stderr, "Failed to set %s=%s\n", +- TIFFFieldName(fip), argv[arg_index] ); ++ if(TIFFFieldPassCount( fip )) { ++ size_t len; ++ len = strlen(argv[arg_index]) + 1; ++ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip), ++ (uint16_t)len, argv[arg_index]) != 1) ++ fprintf( stderr, "Failed to set %s=%s\n", ++ TIFFFieldName(fip), argv[arg_index] ); ++ } else { ++ if (TIFFSetField(tiff, TIFFFieldTag(fip), ++ argv[arg_index]) != 1) ++ fprintf( stderr, "Failed to set %s=%s\n", ++ TIFFFieldName(fip), argv[arg_index] ); ++ } + } else if (TIFFFieldWriteCount(fip) > 0 + || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { + int ret = 1; +-- +2.25.1 diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 6852758c6a..ef8e8460fb 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -9,7 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf" CVE_PRODUCT = "libtiff" SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ - " + file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch" + SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8" # exclude betas |