Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).

2011-08-19 11:35:13 +01:00 · 2011-08-19 11:35:13 +01:00 · cf15da723a
commit cf15da723a
parent ccb8206c51
2 changed files with 40 additions and 1 deletions
--- a/cups-CVE-2011-2896.patch
+++ b/cups-CVE-2011-2896.patch
@ -0,0 +1,33 @@
+diff -up cups-1.4.8/filter/image-gif.c.CVE-2011-2896 cups-1.4.8/filter/image-gif.c
+--- cups-1.4.8/filter/image-gif.c.CVE-2011-2896	2011-06-20 21:37:51.000000000 +0100
+++ cups-1.4.8/filter/image-gif.c	2011-08-19 11:33:37.547911212 +0100
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp,			/* I - File to 
+ 
+     if (code == max_code)
+     {
+-      *sp++ = firstcode;
+-      code  = oldcode;
+      if (sp < (stack + 8192))
+	*sp++ = firstcode;
+
+      code = oldcode;
+     }
+ 
+-    while (code >= clear_code)
+    while (code >= clear_code && sp < (stack + 8192))
+     {
+       *sp++ = table[1][code];
+       if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp,			/* I - File to 
+       code = table[0][code];
+     }
+ 
+-    *sp++ = firstcode = table[1][code];
+-    code  = max_code;
+    if (sp < (stack + 8192))
+      *sp++ = firstcode = table[1][code];
+
+    code = max_code;
+ 
+     if (code < 4096)
+     {
--- a/cups.spec
+++ b/cups.spec
@ -8,7 +8,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.4.8
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@ -66,6 +66,7 @@ Patch31: cups-dnssd-deviceid.patch
 Patch32: cups-ricoh-deviceid-oid.patch
 Patch33: cups-texttops-rotate-page.patch
 Patch34: cups-polld-busy-loop.patch
+Patch35: cups-CVE-2011-2896.patch

 Patch100: cups-lspp.patch

@ -266,6 +267,8 @@ module.
 %patch33 -p1 -b .texttops-rotate-page
 # Avoid busy loop in cups-polld (bug #720921).
 %patch34 -p1 -b .polld-busy-loop
+# Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
+%patch35 -p1 -b .CVE-2011-2896

 %if %lspp
 # LSPP support.
@ -574,6 +577,9 @@ rm -rf $RPM_BUILD_ROOT
 %{php_extdir}/phpcups.so

 %changelog
+* Fri Aug 19 2011 Tim Waugh <twaugh@redhat.com> 1:1.4.8-2
+- Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
+
 * Tue Jul 26 2011 Jiri Popelka <jpopelka@redhat.com> 1:1.4.8-1
 - 1.4.8