Update for security issue

2018-03-12 17:33:00 +01:00 · 2018-03-12 17:33:00 +01:00 · a57f90d302
commit a57f90d302
parent 6b56c2f578
2 changed files with 46 additions and 10 deletions
--- a/Sanity-check-size-passed-to-malloc.patch
+++ b/Sanity-check-size-passed-to-malloc.patch
@ -0,0 +1,33 @@
+From 435a2ca802358a3debb6d164d2c33049131df81c Mon Sep 17 00:00:00 2001
+From: Phillip Hellewell <sshock@gmail.com>
+Date: Sat, 10 Mar 2018 18:05:39 -0700
+Subject: [PATCH 3/4] Sanity check size passed to malloc...
+
+Add sanity check before calling malloc in af_get_page() function to
+avoid undefined behavior (e.g., seg fault) when dealing with a corrupt
+AFF image with an invalid pagesize.
+
+Issue found by Luis Rocha (luiscrocha@gmail.com).
+---
+ lib/afflib_pages.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/afflib_pages.cpp b/lib/afflib_pages.cpp
+index 2569c2a..f8cf775 100644
+--- a/lib/afflib_pages.cpp
+++ b/lib/afflib_pages.cpp
+@@ -219,6 +219,11 @@ int af_get_page(AFFILE *af,int64_t pagenum,unsigned char *data,size_t *bytes)
+ 	    return -3;			// read error
+ 	}
+ 
+	/* Sanity check to avoid undefined behaviour when calling malloc below with pagesize from a corrupt AFF image. */
+	if(af->image_pagesize <= 0 || af->image_pagesize > 16*1024*1024)
+	    return -1;
+
+
+ 	/* Now uncompress directly into the buffer provided by the caller, unless the caller didn't
+ 	 * provide a buffer. If that happens, allocate our own...
+ 	 */
+-- 
+2.13.6
+
--- a/afflib.spec
+++ b/afflib.spec
@ -1,11 +1,13 @@
 Name:           afflib
 Version:        3.7.16
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Library to support the Advanced Forensic Format

 License:        BSD with advertising
 URL:            https://github.com/sshock/AFFLIBv3
-Source0:        https://github.com/sshock/AFFLIBv3/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0:        %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+# Upstream backport
+Patch0:         Sanity-check-size-passed-to-malloc.patch

 BuildRequires:  libtool

@ -50,7 +52,7 @@ developing applications that use %{name}.


 %prep
-%setup -q -n AFFLIBv3-%{version}
+%autosetup -p1 -n AFFLIBv3-%{version}
 # prevent internal lzma to be built - testing
 #rm -rf lzma443

@ -73,18 +75,15 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 # clean unused-direct-shlib-dependencies
 sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool

-make %{?_smp_mflags}
+%make_build


 %install
-make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
-find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
+%make_install
+find %{buildroot} -name '*.la' -exec rm -f {} ';'


-
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
+%ldconfig_scriptlets


 %files
@ -106,6 +105,10 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'


 %changelog
+* Mon Mar 12 2018 Nicolas Chauvet <kwizart@gmail.com> - 3.7.16-4
+- Security issue - rhbz#1554423
+- Spec file update
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.16-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild