Patch CVE-2024-7006 in libtiff (#10139)
This commit is contained in:
Родитель
70d5339d18
Коммит
8d2001c2a0
|
@ -0,0 +1,60 @@
|
|||
From 818fb8ce881cf839fbc710f6690aadb992aa0f9e Mon Sep 17 00:00:00 2001
|
||||
From: Su_Laus <sulau@freenet.de>
|
||||
Date: Fri, 1 Dec 2023 20:12:25 +0100
|
||||
Subject: [PATCH] Check return value of _TIFFCreateAnonField().
|
||||
|
||||
Fixes #624
|
||||
---
|
||||
libtiff/tif_dirinfo.c | 2 +-
|
||||
libtiff/tif_dirread.c | 16 ++++++----------
|
||||
2 files changed, 7 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
|
||||
index 0e705e8..4cfdaad 100644
|
||||
--- a/libtiff/tif_dirinfo.c
|
||||
+++ b/libtiff/tif_dirinfo.c
|
||||
@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterField(TIFF *tif, uint32_t tag,
|
||||
if (fld == NULL)
|
||||
{
|
||||
fld = _TIFFCreateAnonField(tif, tag, dt);
|
||||
- if (!_TIFFMergeFields(tif, fld, 1))
|
||||
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
|
||||
index 58a4276..738df9f 100644
|
||||
--- a/libtiff/tif_dirread.c
|
||||
+++ b/libtiff/tif_dirread.c
|
||||
@@ -4275,11 +4275,9 @@ int TIFFReadDirectory(TIFF *tif)
|
||||
dp->tdir_tag, dp->tdir_tag);
|
||||
/* the following knowingly leaks the
|
||||
anonymous field structure */
|
||||
- if (!_TIFFMergeFields(
|
||||
- tif,
|
||||
- _TIFFCreateAnonField(tif, dp->tdir_tag,
|
||||
- (TIFFDataType)dp->tdir_type),
|
||||
- 1))
|
||||
+ const TIFFField *fld = _TIFFCreateAnonField(
|
||||
+ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
|
||||
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
|
||||
{
|
||||
TIFFWarningExtR(
|
||||
tif, module,
|
||||
@@ -5153,11 +5151,9 @@ int TIFFReadCustomDirectory(TIFF *tif, toff_t diroff,
|
||||
"Unknown field with tag %" PRIu16 " (0x%" PRIx16
|
||||
") encountered",
|
||||
dp->tdir_tag, dp->tdir_tag);
|
||||
- if (!_TIFFMergeFields(
|
||||
- tif,
|
||||
- _TIFFCreateAnonField(tif, dp->tdir_tag,
|
||||
- (TIFFDataType)dp->tdir_type),
|
||||
- 1))
|
||||
+ const TIFFField *fld = _TIFFCreateAnonField(
|
||||
+ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
|
||||
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
|
||||
{
|
||||
TIFFWarningExtR(tif, module,
|
||||
"Registering anonymous field with tag %" PRIu16
|
||||
--
|
||||
2.34.1
|
|
@ -1,7 +1,7 @@
|
|||
Summary: TIFF libraries and associated utilities.
|
||||
Name: libtiff
|
||||
Version: 4.6.0
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: libtiff
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Azure Linux
|
||||
|
@ -10,6 +10,7 @@ URL: https://gitlab.com/libtiff/libtiff
|
|||
Source0: https://gitlab.com/libtiff/libtiff/-/archive/v%{version}/libtiff-v%{version}.tar.gz
|
||||
Patch0: CVE-2023-52356.patch
|
||||
Patch1: CVE-2023-6277.patch
|
||||
Patch2: CVE-2024-7006.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
|
@ -63,6 +64,9 @@ make %{?_smp_mflags} -k check
|
|||
%{_docdir}/*
|
||||
|
||||
%changelog
|
||||
* Tue Aug 13 2024 Aadhar Agarwal <aadagarwal@microsoft.com> - 4.6.0-4
|
||||
- Add patch for CVE-2024-7006
|
||||
|
||||
* Wed Aug 07 2024 Sumedh Sharma <sumsharma@microsoft.com> - 4.6.0-3
|
||||
- Add patch to resolve CVE-2023-6277
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче