Update to 5.37 with patch for CVE-2019-18218.
PR: 241424 Submitted by: Nathan Owens <ndowens04@gmail.com> Approved by: jharris@widomaker.com (maintainer) MFH: 2019Q4 Security: 381deebb-f5c9-11e9-9c4f-74d435e60b7c
parent
cd9940a35c
commit
1737a2bca6
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=516311
@ -2,7 +2,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= file
|
||||
PORTVERSION= 5.36
|
||||
PORTVERSION= 5.37
|
||||
CATEGORIES= sysutils
|
||||
MASTER_SITES= ftp://ftp.astron.com/pub/file/ \
|
||||
ftp://ftp.fu-berlin.de/unix/tools/file/
|
||||
|
@ -1,3 +1,3 @@
|
||||
TIMESTAMP = 1550771584
|
||||
SHA256 (file-5.36.tar.gz) = fb608290c0fd2405a8f63e5717abf6d03e22e183fb21884413d1edd918184379
|
||||
SIZE (file-5.36.tar.gz) = 875792
|
||||
TIMESTAMP = 1571780726
|
||||
SHA256 (file-5.37.tar.gz) = e9c13967f7dd339a3c241b7710ba093560b9a33013491318e88e6b8b57bae07f
|
||||
SIZE (file-5.37.tar.gz) = 887682
|
||||
|
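--- a/sysutils/file/files/patch-src_cdf.c
+++ b/sysutils/file/files/patch-src_cdf.c
@@ -0,0 +1,71 @@
+--- src/cdf.c.orig 2019-10-22 21:52:28 UTC
++++ src/cdf.c
+@@ -35,7 +35,7 @@
+#include "file.h"
+
+#ifndef lint
+-FILE_RCSID("@(#)$File: cdf.c,v 1.114 2019/02/20 02:35:27 christos Exp $")
++FILE_RCSID("@(#)$File: cdf.c,v 1.116 2019/08/26 14:31:39 christos Exp $")
+#endif
+
+#include <assert.h>
+@@ -53,6 +53,10 @@ FILE_RCSID("@(#)$File: cdf.c,v 1.114 2019/02/20 02:35:
+#define EFTYPE EINVAL
+#endif
+
++#ifndef SIZE_T_MAX
++#define SIZE_T_MAX CAST(size_t, ~0ULL)
++#endif
++
+#include "cdf.h"
+
+#ifdef CDF_DEBUG
+@@ -405,7 +409,12 @@ cdf_read_sector(const cdf_info_t *info, void *buf, siz
+const cdf_header_t *h, cdf_secid_t id)
+{
+size_t ss = CDF_SEC_SIZE(h);
+- size_t pos = CDF_SEC_POS(h, id);
++ size_t pos;
++
++ if (SIZE_T_MAX / ss < CAST(size_t, id))
++ return -1;
++
++ pos = CDF_SEC_POS(h, id);
+assert(ss == len);
+return cdf_read(info, CAST(off_t, pos), RCAST(char *, buf) + offs, len);
+}
+@@ -415,7 +424,12 @@ cdf_read_short_sector(const cdf_stream_t *sst, void *b
+size_t len, const cdf_header_t *h, cdf_secid_t id)
+{
+size_t ss = CDF_SHORT_SEC_SIZE(h);
+- size_t pos = CDF_SHORT_SEC_POS(h, id);
++ size_t pos;
++
++ if (SIZE_T_MAX / ss < CAST(size_t, id))
++ return -1;
++
++ pos = CDF_SHORT_SEC_POS(h, id);
+assert(ss == len);
+if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) {
+DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %"
+@@ -1013,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const
+goto out;
+}
+nelements = CDF_GETUINT32(q, 1);
+- if (nelements == 0) {
+- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++ DPRINTF(("CDF_VECTOR with nelements == %"
++ SIZE_T_FORMAT "u\n", nelements));
+goto out;
+}
+slen = 2;
+@@ -1056,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const
+goto out;
+inp += nelem;
+}
+- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+- nelements));
+for (j = 0; j < nelements && i < sh.sh_properties;
+j++, i++)
+{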
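Review bot: In cdf_read_short_sector the new guard only bounds the `id * ss` product, so the existing bounds test `pos + len > CDF_SEC_SIZE(h) * sst->sst_len` just below it can still wrap when `pos` lies within `len` of SIZE_T_MAX, which looks reachable where size_t is 32 bits. Writing the comparison without the addition closes that gap, for example `if (len > CDF_SEC_SIZE(h) * sst->sst_len || pos > CDF_SEC_SIZE(h) * sst->sst_len - len) {`. The same question applies to cdf_read_sector if CDF_SEC_POS adds an offset to the product; that macro is defined outside this patch, so it should be checked. A negative `id` is rejected only as a side effect of the cast to size_t, so an explicit `id < 0` test would state the intent. Both function bodies continue outside the hunks shown.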
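--- a/sysutils/file/files/patch-src_cdf.h
+++ b/sysutils/file/files/patch-src_cdf.h
@@ -0,0 +1,10 @@
+--- src/cdf.h.orig 2019-10-22 21:52:35 UTC
++++ src/cdf.h
+@@ -48,6 +48,7 @@
+typedef int32_t cdf_secid_t;
+
+#define CDF_LOOP_LIMIT 10000
++#define CDF_ELEMENT_LIMIT 100000
+
+#define CDF_SECID_NULL 0
+#define CDF_SECID_FREE -1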
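Review bot: `CDF_ELEMENT_LIMIT` is added without a comment saying what it bounds or why 100000 was chosen. It caps a count read from the file being parsed (the cdf.c patch compares it with `nelements`), so a one-line comment such as `/* upper bound on CDF_VECTOR element counts read from untrusted input */` would help the next maintainer keep the check in place when the port is updated.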