Browse code
libmspack - Patch for CVE-2018-14679 & CVE-2018-14680
Change-Id: I5085b685174de86bedfb75375873563a37b6559c
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6193
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
gsujayvmw authored on 2018/11/16 19:15:50Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,40 @@ |
| 0 |
+diff --git libmspack-0.5alpha/mspack/chmd.c libmspack-0.5alpha-a/mspack/chmd.c |
|
| 1 |
+--- libmspack-0.5alpha/mspack/chmd.c |
|
| 2 |
+@@ -1,5 +1,5 @@ |
|
| 3 |
+ /* This file is part of libmspack. |
|
| 4 |
+- * (C) 2003-2011 Stuart Caie. |
|
| 5 |
++ * (C) 2003-2018 Stuart Caie. |
|
| 6 |
+ * |
|
| 7 |
+ * libmspack is free software; you can redistribute it and/or modify it under |
|
| 8 |
+ * the terms of the GNU Lesser General Public License (LGPL) version 2.1 |
|
| 9 |
+@@ -397,7 +397,7 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh, |
|
| 10 |
+ D(("first pmgl chunk is after last pmgl chunk"))
|
|
| 11 |
+ return MSPACK_ERR_DATAFORMAT; |
|
| 12 |
+ } |
|
| 13 |
+- if (chm->index_root != 0xFFFFFFFF && chm->index_root > chm->num_chunks) {
|
|
| 14 |
++ if (chm->index_root != 0xFFFFFFFF && chm->index_root >= chm->num_chunks) {
|
|
| 15 |
+ D(("index_root outside valid range"))
|
|
| 16 |
+ return MSPACK_ERR_DATAFORMAT; |
|
| 17 |
+ } |
|
| 18 |
+@@ -447,7 +447,10 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh, |
|
| 19 |
+ while (num_entries--) {
|
|
| 20 |
+ READ_ENCINT(name_len); |
|
| 21 |
+ if (name_len > (unsigned int) (end - p)) goto chunk_end; |
|
| 22 |
++ /* consider blank filenames to be an error */ |
|
| 23 |
++ if (name_len == 0) goto chunk_end; |
|
| 24 |
+ name = p; p += name_len; |
|
| 25 |
++ |
|
| 26 |
+ READ_ENCINT(section); |
|
| 27 |
+ READ_ENCINT(offset); |
|
| 28 |
+ READ_ENCINT(length); |
|
| 29 |
+@@ -622,7 +625,7 @@ static unsigned char *read_chunk(struct mschm_decompressor_p *self, |
|
| 30 |
+ unsigned char *buf; |
|
| 31 |
+ |
|
| 32 |
+ /* check arguments - most are already checked by chmd_fast_find */ |
|
| 33 |
+- if (chunk_num > chm->num_chunks) return NULL; |
|
| 34 |
++ if (chunk_num >= chm->num_chunks) return NULL; |
|
| 35 |
+ |
|
| 36 |
+ /* ensure chunk cache is available */ |
|
| 37 |
+ if (!chm->chunk_cache) {
|
|
| 38 |
+ |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: A library that provides compression and decompression of file formats used by Microsoft |
| 2 | 2 |
Name: libmspack |
| 3 | 3 |
Version: 0.5alpha |
| 4 |
-Release: 5%{?dist}
|
|
| 4 |
+Release: 6%{?dist}
|
|
| 5 | 5 |
License: LGPLv2+ |
| 6 | 6 |
URL: http://www.cabextract.org.uk/libmspack/libmspack-0.5alpha.tar.gz |
| 7 | 7 |
Group: Applications/System |
| ... | ... |
@@ -11,6 +11,7 @@ Source0: http://www.cabextract.org.uk/libmspack/%{name}-%{version}.tar.gz
|
| 11 | 11 |
%define sha1 libmspack=226f19b1fc58e820671a1749983b06896e108cc4 |
| 12 | 12 |
Patch0: CVE-2017-6419.patch |
| 13 | 13 |
Patch1: CVE-2017-11423.patch |
| 14 |
+Patch2: CVE-2018-14679-CVE-2018-14680.patch |
|
| 14 | 15 |
%description |
| 15 | 16 |
A library that provides compression and decompression of file formats used by Microsoft |
| 16 | 17 |
|
| ... | ... |
@@ -24,6 +25,7 @@ It contains the libraries and header files to create applications. |
| 24 | 24 |
%setup -q |
| 25 | 25 |
%patch0 -p1 |
| 26 | 26 |
%patch1 -p1 |
| 27 |
+%patch2 -p1 |
|
| 27 | 28 |
%build |
| 28 | 29 |
./configure --prefix=/usr |
| 29 | 30 |
make %{?_smp_mflags}
|
| ... | ... |
@@ -49,6 +51,8 @@ cd test |
| 49 | 49 |
%{_libdir}/*.so
|
| 50 | 50 |
|
| 51 | 51 |
%changelog |
| 52 |
+* Fri Nov 16 2018 Sujay G <gsujay@vmware.com> 0.5alpha-6 |
|
| 53 |
+- Patch for CVE-2018-14679 & CVE-2018-14680 |
|
| 52 | 54 |
* Mon Jul 16 2018 Ajay Kaher <akaher@vmware.com> 0.5alpha-5 |
| 53 | 55 |
- Patch for CVE-2017-11423 |
| 54 | 56 |
* Mon May 21 2018 Anish Swaminathan <anishs@vmware.com> 0.5alpha-4 |