packages/libtiff
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!38 fix CVE-2022-22844

Browse Source 
From: @dongyuzhen 
Reviewed-by: @zzm_567, @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2022-03-10 07:10:29 +00:00 committed by Gitee
commit 207deb2d0c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 127 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
backport-0001-CVE-2022-22844.patch Normal file
View File

@ -0,0 +1,50 @@
From 49b81e99704bd199a24ccce65f974cc2d78cccc4 Mon Sep 17 00:00:00 2001
From: 4ugustus <wangdw.augustus@qq.com>
Date: Tue, 4 Jan 2022 11:01:37 +0000
Subject: [PATCH] fixing global-buffer-overflow in tiffset
Conflict:NA
Reference:https://gitlab.com/libtiff/libtiff/-/commit/49b81e99704bd199a24ccce65f974cc2d78cccc4
---
tools/tiffset.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/tools/tiffset.c b/tools/tiffset.c
index 7ecc401..53afc51 100644
--- a/tools/tiffset.c
+++ b/tools/tiffset.c
@@ -32,6 +32,7 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include <stdint.h>
#include "tiffio.h"
@@ -133,9 +134,19 @@ main(int argc, char* argv[])
arg_index++;
if (TIFFFieldDataType(fip) == TIFF_ASCII) {
- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
- fprintf( stderr, "Failed to set %s=%s\n",
- TIFFFieldName(fip), argv[arg_index] );
+ if(TIFFFieldPassCount( fip )) {
+ size_t len;
+ len = (uint32_t)(strlen(argv[arg_index] + 1));
+ if (TIFFSetField(tiff, TIFFFieldTag(fip),
+ (uint16_t)len, argv[arg_index]) != 1)
+ fprintf( stderr, "Failed to set %s=%s",
+ TIFFFieldName(fip), argv[arg_index] );
+ } else {
+ if (TIFFSetField(tiff, TIFFFieldTag(fip),
+ argv[arg_index]) != 1)
+ fprintf( stderr, "Failed to set %s=%s",
+ TIFFFieldName(fip), argv[arg_index] );
+ }
} else if (TIFFFieldWriteCount(fip) > 0
|| TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
int ret = 1;
--
2.33.0

39
backport-0002-CVE-2022-22844.patch Normal file
View File

@ -0,0 +1,39 @@
From 0cf67888e32e36b45828dd467920684c93f2b22d Mon Sep 17 00:00:00 2001
From: Timothy Lyanguzov <theta682@gmail.com>
Date: Tue, 25 Jan 2022 04:27:28 +0000
Subject: [PATCH] Apply 4 suggestion(s) to 1 file(s)
Conflict:NA
Reference:https://gitlab.com/libtiff/libtiff/-/commit/0cf67888e32e36b45828dd467920684c93f2b22d
---
tools/tiffset.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/tiffset.c b/tools/tiffset.c
index 53afc51..75a8616 100644
--- a/tools/tiffset.c
+++ b/tools/tiffset.c
@@ -136,15 +136,15 @@ main(int argc, char* argv[])
if (TIFFFieldDataType(fip) == TIFF_ASCII) {
if(TIFFFieldPassCount( fip )) {
size_t len;
- len = (uint32_t)(strlen(argv[arg_index] + 1));
- if (TIFFSetField(tiff, TIFFFieldTag(fip),
+ len = strlen(argv[arg_index] + 1);
+ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
(uint16_t)len, argv[arg_index]) != 1)
- fprintf( stderr, "Failed to set %s=%s",
+ fprintf( stderr, "Failed to set %s=%s\n",
TIFFFieldName(fip), argv[arg_index] );
} else {
if (TIFFSetField(tiff, TIFFFieldTag(fip),
argv[arg_index]) != 1)
- fprintf( stderr, "Failed to set %s=%s",
+ fprintf( stderr, "Failed to set %s=%s\n",
TIFFFieldName(fip), argv[arg_index] );
}
} else if (TIFFFieldWriteCount(fip) > 0
--
2.33.0

28
backport-0003-CVE-2022-22844.patch Normal file
View File

@ -0,0 +1,28 @@
From 0a827a985f891d6df481a6f581c723640fad7874 Mon Sep 17 00:00:00 2001
From: 4ugustus <wangdw.augustus@qq.com>
Date: Tue, 25 Jan 2022 04:30:38 +0000
Subject: [PATCH] fix a small typo in strlen
Conflict:NA
Reference:https://gitlab.com/libtiff/libtiff/-/commit/0a827a985f891d6df481a6f581c723640fad7874
---
tools/tiffset.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/tiffset.c b/tools/tiffset.c
index 75a8616..19e177b 100644
--- a/tools/tiffset.c
+++ b/tools/tiffset.c
@@ -136,7 +136,7 @@ main(int argc, char* argv[])
if (TIFFFieldDataType(fip) == TIFF_ASCII) {
if(TIFFFieldPassCount( fip )) {
size_t len;
- len = strlen(argv[arg_index] + 1);
+ len = strlen(argv[arg_index]) + 1;
if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
(uint16_t)len, argv[arg_index]) != 1)
fprintf( stderr, "Failed to set %s=%s\n",
--
2.33.0

11
libtiff.spec
View File

@ -1,6 +1,6 @@
Name: libtiff
Version: 4.1.0
Release: 4
Release: 5
Summary: TIFF Library and Utilities
License: libtiff
URL: https://www.simplesystems.org/libtiff/
@ -11,6 +11,9 @@ Patch6001: backport-CVE-2020-35523.patch
Patch6002: backport-CVE-2020-35524.patch
Patch6003: backport-CVE-2022-0561.patch
Patch6004: backport-CVE-2022-0562.patch
Patch6005: backport-0001-CVE-2022-22844.patch
Patch6006: backport-0002-CVE-2022-22844.patch
Patch6007: backport-0003-CVE-2022-22844.patch
BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
BuildRequires: libtool automake autoconf pkgconfig git
@ -117,6 +120,12 @@ find html -name 'Makefile*' | xargs rm
%exclude %{_datadir}/html/man/tiffgt.1.html
%changelog
* Thu Mar 10 2022 dongyuzhen <dongyuzhen@h-partners.com> - 4.1.0-5
- Type:cves
- ID:CVE-2022-22844
- SUG:NA
- DESC:fix CVE-2022-22844
* Wed Feb 23 2022 liuyumeng <liuyumeng5@h-partners.com> -4.1.0-4
- Type:cves
- ID:CVE-2022-0561 CVE-2022-0562