Browse code
Fix for CVE-2017-11423
Change-Id: I565ea0f07d547da6d01876c409700f817fe3a6c3
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5398
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Ajay Kaher authored on 2018/07/25 04:21:26Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,14 @@ |
| 0 |
+diff -Naur libmspack-0.5alpha/mspack/cabd.c libmspack-0.5alpha-a/mspack/cabd.c |
|
| 1 |
+--- libmspack-0.5alpha/mspack/cabd.c 2015-01-18 18:29:24.000000000 +0530 |
|
| 2 |
+@@ -525,6 +525,10 @@ |
|
| 3 |
+ |
|
| 4 |
+ /* read up to 256 bytes */ |
|
| 5 |
+ len = sys->read(fh, &buf[0], 256); |
|
| 6 |
++ if (len <= 0) {
|
|
| 7 |
++ *error = MSPACK_ERR_READ; |
|
| 8 |
++ return NULL; |
|
| 9 |
++ } |
|
| 10 |
+ |
|
| 11 |
+ /* search for a null terminator in the buffer. reject empty strings */ |
|
| 12 |
+ for (i = 1, ok = 0; i < len; i++) if (!buf[i]) { ok = 1; break; }
|
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: A library that provides compression and decompression of file formats used by Microsoft |
| 2 | 2 |
Name: libmspack |
| 3 | 3 |
Version: 0.5alpha |
| 4 |
-Release: 3%{?dist}
|
|
| 4 |
+Release: 4%{?dist}
|
|
| 5 | 5 |
License: LGPLv2+ |
| 6 | 6 |
URL: http://www.cabextract.org.uk/libmspack/libmspack-0.5alpha.tar.gz |
| 7 | 7 |
Group: Applications/System |
| ... | ... |
@@ -10,11 +10,13 @@ Distribution: Photon |
| 10 | 10 |
Source0: http://www.cabextract.org.uk/libmspack/%{name}-%{version}.tar.gz
|
| 11 | 11 |
%define sha1 libmspack=226f19b1fc58e820671a1749983b06896e108cc4 |
| 12 | 12 |
Patch0: CVE-2017-6419.patch |
| 13 |
+Patch1: CVE-2017-11423.patch |
|
| 13 | 14 |
%description |
| 14 | 15 |
A library that provides compression and decompression of file formats used by Microsoft |
| 15 | 16 |
%prep |
| 16 | 17 |
%setup -q |
| 17 | 18 |
%patch0 -p1 |
| 19 |
+%patch1 -p1 |
|
| 18 | 20 |
%build |
| 19 | 21 |
./configure --prefix=/usr |
| 20 | 22 |
make %{?_smp_mflags}
|
| ... | ... |
@@ -31,6 +33,8 @@ make DESTDIR=%{buildroot} install
|
| 31 | 31 |
%{_libdir}/pkgconfig/*.pc
|
| 32 | 32 |
%{_includedir}/*
|
| 33 | 33 |
%changelog |
| 34 |
+* Tue Jul 24 2018 Ajay Kaher <akaher@vmware.com> 0.5alpha-4 |
|
| 35 |
+- Patch for CVE-2017-11423.patch |
|
| 34 | 36 |
* Mon May 21 2018 Anish Swaminathan <anishs@vmware.com> 0.5alpha-3 |
| 35 | 37 |
- Patch for CVE-2017-6419 |
| 36 | 38 |
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 0.5alpha-2 |