authorV3n3RiX <venerix@koprulu.sector>2023-04-10 05:36:05 +0100
committerV3n3RiX <venerix@koprulu.sector>2023-04-10 05:36:05 +0100
commit4bbcd26e7cb1908fb98bb318bfaa13ea9e32d860 (patch)
tree39e9258a61ef296b0e5afba0c7dc2557891487c4 /media-gfx/jhead/files
parent47d5e233005d470dbd431a280e64ce6073fc7149 (diff)
gentoo auto-resync : 10:04:2023 - 05:36:05
Diffstat (limited to 'media-gfx/jhead/files')
-rw-r--r--media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch108
1 files changed, 108 insertions, 0 deletions
diff --git a/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch b/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch
new file mode 100644
index 000000000000..1669eb6f089f
--- /dev/null
+++ b/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch
@@ -0,0 +1,108 @@
+From f4f57913fff5de97da347a22558bbb74a1166369 Mon Sep 17 00:00:00 2001
+From: matthias wandel <matthias@woodgears.ca>
+Date: Wed, 1 Sep 2021 18:59:15 -0300
+Subject: [PATCH] If exif header is complete garbage, don't keep it. Fixes
+ issue 36
+
+(cherry picked from commit c761620767ae72e5d61c697a73de262aebe0b591)
+---
+ exif.c | 12 +++++++-----
+ jhead.h | 2 +-
+ jpgfile.c | 5 ++++-
+ 3 files changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/exif.c b/exif.c
+index ba066b5..d250a8d 100755
+--- a/exif.c
++++ b/exif.c
+@@ -1005,7 +1005,7 @@ void Clear_EXIF ()
+ // Process a EXIF marker
+ // Describes all the drivel that most digital cameras include...
+ //--------------------------------------------------------------------------
+-void process_EXIF (unsigned char * ExifSection, int length)
++int process_EXIF (unsigned char * ExifSection, int length)
+ {
+ int FirstOffset;
+
+@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, int length)
+ static uchar ExifHeader[] = "Exif\0\0";
+ if (memcmp(ExifSection+2, ExifHeader,6)){
+ ErrNonfatal("Incorrect Exif header",0,0);
+- return;
++ return 0;
+ }
+ }
+
+@@ -1033,21 +1033,21 @@ void process_EXIF (unsigned char * ExifSection, int length)
+ MotorolaOrder = 1;
+ }else{
+ ErrNonfatal("Invalid Exif alignment marker.",0,0);
+- return;
++ return 0;
+ }
+ }
+
+ // Check the next value for correctness.
+ if (Get16u(ExifSection+10) != 0x2a){
+ ErrNonfatal("Invalid Exif start (1)",0,0);
+- return;
++ return 0;
+ }
+
+ FirstOffset = (int)Get32u(ExifSection+12);
+ if (FirstOffset < 8 || FirstOffset > 16){
+ if (FirstOffset < 16 || FirstOffset > length-16 || length < 16){
+ ErrNonfatal("invalid offset for first Exif IFD value",0,0);
+- return;
++ return 0;
+ }
+ // Usually set to 8, but other values valid too.
+ ErrNonfatal("Suspicious offset of first Exif IFD value",0,0);
+@@ -1086,6 +1086,7 @@ void process_EXIF (unsigned char * ExifSection, int length)
+ ImageInfo.FocalLength35mmEquiv = (int)(ImageInfo.FocalLength/ImageInfo.CCDWidth*36 + 0.5);
+ }
+ }
++ return 1;
+ }
+
+
+@@ -1235,6 +1236,7 @@ void create_EXIF(void)
+ const char * ClearOrientation(void)
+ {
+ int a;
++
+ if (NumOrientations == 0) return NULL;
+
+ for (a=0;a<NumOrientations;a++){
+diff --git a/jhead.h b/jhead.h
+index 3d620d9..03987e2 100644
+--- a/jhead.h
++++ b/jhead.h
+@@ -163,7 +163,7 @@ void FileTimeAsString(char * TimeStr);
+ // Prototypes for exif.c functions.
+ int Exif2tm(struct tm * timeptr, char * ExifTime);
+ void Clear_EXIF();
+-void process_EXIF (unsigned char * CharBuf, int length);
++int process_EXIF (unsigned char * CharBuf, int length);
+ void ShowImageInfo(int ShowFileInfo);
+ void ShowConciseImageInfo(void);
+ const char * ClearOrientation(void);
+diff --git a/jpgfile.c b/jpgfile.c
+index 097d2f1..af2d7bc 100644
+--- a/jpgfile.c
++++ b/jpgfile.c
+@@ -286,7 +286,10 @@ int ReadJpegSections (FILE * infile, ReadMode_t ReadMode)
+ // There can be different section using the same marker.
+ if (ReadMode & READ_METADATA){
+ if (memcmp(Data+2, "Exif", 4) == 0){
+- process_EXIF(Data, itemlen);
++ if (!process_EXIF(Data, itemlen)){
++ // malformatted exif sections, discard.
++ free(Sections[--SectionsRead].Data);
++ }
+ break;
+ }else if (memcmp(Data+2, "http:", 5) == 0){
+ Sections[SectionsRead-1].Type = M_XMP; // Change tag for internal purposes.
+--
+2.39.2
+
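Review bot: In the embedded jpgfile.c hunk, `free(Sections[--SectionsRead].Data);` leaves the freed pointer in the slot that was just dropped, and in the local `Data`, so it stays dangling until the next section overwrites the slot. Adding `Sections[SectionsRead].Data = NULL;` right after the free would make any stale read fail predictably instead of touching freed heap memory. Separately, the exif.c hunks return 0 only from the four header-level checks, and the final `return 1;` is unconditional. A section with a well-formed header but corrupt directory entries is therefore presumably still kept, so it is worth confirming that code which later rewrites the Exif section re-validates its offsets. Both process_EXIF and ReadJpegSections continue outside the hunks shown, so other return paths and later uses of `Data` cannot be checked from here.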