Patch file for CVE-2018-10360.
Patch from Matthias Ferdinand on pkgsrc-users. The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
This commit is contained in:
parent
6811fe4e9a
commit
9b5bfa91e5
3 changed files with 28 additions and 3 deletions
|
@ -1,7 +1,7 @@
|
|||
# $NetBSD: Makefile,v 1.41 2017/12/12 03:11:51 ryoon Exp $
|
||||
# $NetBSD: Makefile,v 1.42 2018/06/30 09:27:02 bsiegert Exp $
|
||||
|
||||
DISTNAME= file-5.32
|
||||
PKGREVISION= 1
|
||||
PKGREVISION= 2
|
||||
CATEGORIES= sysutils
|
||||
MASTER_SITES= ftp://ftp.astron.com/pub/file/
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
$NetBSD: distinfo,v 1.30 2017/12/12 03:11:51 ryoon Exp $
|
||||
$NetBSD: distinfo,v 1.31 2018/06/30 09:27:02 bsiegert Exp $
|
||||
|
||||
SHA1 (file-5.32.tar.gz) = c2858a8043387d1229d8768ad42762a803d017db
|
||||
RMD160 (file-5.32.tar.gz) = b7d41a4c6b2c28d9f202d740e353416e2036c1ef
|
||||
|
@ -6,4 +6,5 @@ SHA512 (file-5.32.tar.gz) = 315343229fa196335389544ee8010e9e80995ef4721938492ded
|
|||
Size (file-5.32.tar.gz) = 797025 bytes
|
||||
SHA1 (patch-aa) = dc787ea0d77d7ba88bcb1e17d38b26b13153a1c5
|
||||
SHA1 (patch-src_fsmagic.c) = ee770cf37dfdfbc5a7c123d2691312610b76e76e
|
||||
SHA1 (patch-src_readelf.c) = 2dca756d757509643f72937595c470378fb4f3d1
|
||||
SHA1 (patch-src_softmagic.c) = bd8871c9050ca521f02b62066d0023a5fbb2d168
|
||||
|
|
24
sysutils/file/patches/patch-src_readelf.c
Normal file
24
sysutils/file/patches/patch-src_readelf.c
Normal file
|
@ -0,0 +1,24 @@
|
|||
$NetBSD: patch-src_readelf.c,v 1.1 2018/06/30 09:27:03 bsiegert Exp $
|
||||
|
||||
apply https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
|
||||
against https://nvd.nist.gov/vuln/detail/CVE-2018-10360
|
||||
|
||||
...
|
||||
The do_core_note function in readelf.c in libmagic.a in file
|
||||
5.33 allows remote attackers to cause a denial of service
|
||||
(out-of-bounds read and application crash) via a crafted ELF
|
||||
file.
|
||||
...
|
||||
|
||||
--- src/readelf.c.orig 2017-08-27 07:55:02.000000000 +0000
|
||||
+++ src/readelf.c
|
||||
@@ -824,7 +824,8 @@ do_core_note(struct magic_set *ms, unsig
|
||||
|
||||
cname = (unsigned char *)
|
||||
&nbuf[doff + prpsoffsets(i)];
|
||||
- for (cp = cname; *cp && isprint(*cp); cp++)
|
||||
+ for (cp = cname; cp < nbuf + size && *cp
|
||||
+ && isprint(*cp); cp++)
|
||||
continue;
|
||||
/*
|
||||
* Linux apparently appends a space at the end
|
Loading…
Reference in a new issue