25 lines
1004 B
Plaintext
25 lines
1004 B
Plaintext
$OpenBSD: patch-libexif_exif-loader_c,v 1.1 2008/11/05 13:11:14 jasper Exp $
|
|
|
|
Fix for CVE-2007-6352: infinite recursion error DoS.
|
|
|
|
--- libexif/exif-loader.c.orig Wed Nov 5 13:56:14 2008
|
|
+++ libexif/exif-loader.c Wed Nov 5 13:59:38 2008
|
|
@@ -176,6 +176,8 @@ exif_loader_write (ExifLoader *eld, unsigned char *buf
|
|
break;
|
|
}
|
|
|
|
+ if (!len)
|
|
+ return 1;
|
|
exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
|
|
"Scanning %i byte(s) of data...", len);
|
|
|
|
@@ -263,7 +265,7 @@ exif_loader_write (ExifLoader *eld, unsigned char *buf
|
|
default:
|
|
switch (eld->b[i]) {
|
|
case JPEG_MARKER_APP1:
|
|
- if (!memcmp (eld->b + i + 3, ExifHeader, MIN(sizeof (ExifHeader), MAX(0, sizeof (eld->b) - i - 3)))) {
|
|
+ if (!memcmp (eld->b + i + 3, ExifHeader, MIN((ssize_t)(sizeof(ExifHeader)), MAX(0, ((ssize_t)(sizeof(eld->b))) - ((ssize_t)i) - 3)))) {
|
|
eld->data_format = EL_DATA_FORMAT_EXIF;
|
|
} else {
|
|
eld->data_format = EL_DATA_FORMAT_JPEG; /* Probably JFIF - keep searching for APP1 EXIF*/
|