/[packages]/updates/5/gimp/current/SOURCES/Bug-790853-CVE-2017-17787-heap-overread-in-psp-impor.patch |
add patches from debian to fix CVE-2017-1778[4-9]
1 | From: Jehan <jehan@girinstud.io> |
2 | Date: Thu, 21 Dec 2017 12:49:41 +0100 |
3 | Subject: Bug 790853 - (CVE-2017-17787) heap overread in psp importer. |
4 | Origin: https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d |
5 | Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17787 |
6 | Bug-Debian: https://bugs.debian.org/884927 |
7 | Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790853 |
8 | |
9 | As any external data, we have to check that strings being read at fixed |
10 | length are properly nul-terminated. |
11 | |
12 | (cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d) |
13 | --- |
14 | plug-ins/common/file-psp.c | 6 ++++++ |
15 | 1 file changed, 6 insertions(+) |
16 | |
17 | diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c |
18 | index 4cbafe37b1..e350e4d88d 100644 |
19 | --- a/plug-ins/common/file-psp.c |
20 | +++ b/plug-ins/common/file-psp.c |
21 | @@ -890,6 +890,12 @@ read_creator_block (FILE *f, |
22 | g_free (string); |
23 | return -1; |
24 | } |
25 | + if (string[length - 1] != '\0') |
26 | + { |
27 | + g_message ("Creator keyword data not nul-terminated"); |
28 | + g_free (string); |
29 | + return -1; |
30 | + } |
31 | switch (keyword) |
32 | { |
33 | case PSP_CRTR_FLD_TITLE: |
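Review bot: the added test `if (string[length - 1] != '\0')` indexes `string[length - 1]` while nothing in the visible context shows that `length` is non-zero. If `length` can be 0 here, the check itself reads outside the buffer (one byte before it, or far beyond it if `length` is unsigned). Unless a line above this hunk already rejects a zero length, suggest guarding it in the same condition, for example `if (length == 0 || string[length - 1] != '\0')`, and keeping the same `g_free (string); return -1;` error path. A short comment noting that `string` is file-controlled data of exactly `length` bytes would also document why the terminator has to be verified before the `switch (keyword)` cases use it as a C string.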
34 | -- |
35 | 2.15.1 |
36 |