Browse code
file: Fix for CVE-2018-10360
Change-Id: Ia85e909563e63b28bf09400300c863df61dc892d
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5444
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Ankit Jain authored on 2018/08/02 00:22:47Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,29 @@ |
| 0 |
+From a642587a9c9e2dd7feacdf513c3643ce26ad3c22 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Christos Zoulas <christos@zoulas.com> |
|
| 2 |
+Date: Sat, 9 Jun 2018 16:00:06 +0000 |
|
| 3 |
+Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis) |
|
| 4 |
+ |
|
| 5 |
+--- |
|
| 6 |
+diff --git a/src/readelf.c b/src/readelf.c |
|
| 7 |
+index 6738942..56f13f4 100644 |
|
| 8 |
+--- a/src/readelf.c |
|
| 9 |
+@@ -27,7 +27,7 @@ |
|
| 10 |
+ #include "file.h" |
|
| 11 |
+ |
|
| 12 |
+ #ifndef lint |
|
| 13 |
+-FILE_RCSID("@(#)$File: readelf.c,v 1.130 2017/01/29 19:34:24 christos Exp $")
|
|
| 14 |
++FILE_RCSID("@(#)$File: readelf.c,v 1.143 2018/06/09 16:00:06 christos Exp $")
|
|
| 15 |
+ #endif |
|
| 16 |
+ |
|
| 17 |
+ #ifdef BUILTIN_ELF |
|
| 18 |
+@@ -824,7 +824,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, |
|
| 19 |
+ |
|
| 20 |
+ cname = (unsigned char *) |
|
| 21 |
+ &nbuf[doff + prpsoffsets(i)]; |
|
| 22 |
+- for (cp = cname; *cp && isprint(*cp); cp++) |
|
| 23 |
++ for (cp = cname; cp < nbuf + size && *cp |
|
| 24 |
++ && isprint(*cp); cp++) |
|
| 25 |
+ continue; |
|
| 26 |
+ /* |
|
| 27 |
+ * Linux apparently appends a space at the end |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: Contains a utility for determining file types |
| 2 | 2 |
Name: file |
| 3 | 3 |
Version: 5.30 |
| 4 |
-Release: 3%{?dist}
|
|
| 4 |
+Release: 4%{?dist}
|
|
| 5 | 5 |
License: BSD |
| 6 | 6 |
URL: http://www.darwinsys.com/file |
| 7 | 7 |
Group: Applications/File |
| ... | ... |
@@ -10,6 +10,7 @@ Distribution: Photon |
| 10 | 10 |
Source0: ftp://ftp.astron.com/pub/file/%{name}-%{version}.tar.gz
|
| 11 | 11 |
%define sha1 file=276051cd2c438d4e7a321c4422a5b3bc850fd747 |
| 12 | 12 |
Patch0: file-5.30-keep-not-stripped-last.patch |
| 13 |
+Patch1: 0001-Avoid-reading-past-the-end-of-buffer-Rui-Reis.patch |
|
| 13 | 14 |
Requires: %{name}-libs = %{version}-%{release}
|
| 14 | 15 |
Conflicts: toybox |
| 15 | 16 |
%description |
| ... | ... |
@@ -30,6 +31,7 @@ It contains the libraries and header files to create applications. |
| 30 | 30 |
%prep |
| 31 | 31 |
%setup -q |
| 32 | 32 |
%patch0 -p1 |
| 33 |
+%patch1 -p1 |
|
| 33 | 34 |
%build |
| 34 | 35 |
./configure \ |
| 35 | 36 |
--prefix=%{_prefix} \
|
| ... | ... |
@@ -62,6 +64,8 @@ make %{?_smp_mflags} check
|
| 62 | 62 |
%{_mandir}/*man3/*
|
| 63 | 63 |
|
| 64 | 64 |
%changelog |
| 65 |
+* Wed Aug 01 2018 Ankit Jain <ankitja@vmware.com> 5.30-4 |
|
| 66 |
+- Fix for CVE-2018-10360. |
|
| 65 | 67 |
* Fri Dec 15 2017 Divya Thaluru <dthaluru@vmware.com> 5.30-3 |
| 66 | 68 |
- Added seperate package for libraries |
| 67 | 69 |
- Added toybox as conflict package |