rpms
/
ocaml-camlimages
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- ocaml-camlimages: TIFF reader multiple integer overflows (CVE 2009-3296 / 

RHBZ#528732).
This commit is contained in:
Richard W.M. Jones 2009-10-16 09:33:42 +00:00
parent c7be93b5e5
commit 2d7863ca7a
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
camlimages-oversized-tiff-check-CVE-2009-3296.patch Normal file
View File

@ -0,0 +1,27 @@
--- camlimages-3.0.1.old/src/tiffread.c 2007-01-18 10:29:57.000000000 +0000
+++ camlimages-3.0.1/src/tiffread.c 2009-10-16 10:26:53.841258260 +0100
@@ -21,6 +21,13 @@
#include <caml/memory.h>
#include <caml/fail.h>
+#include <limits.h>
+#define oversized(x, y) \
+ ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y)))
+
+#define failwith_oversized(lib) \
+ failwith("#lib error: image contains oversized or bogus width and height");
+
/* These are defined in caml/config.h */
#define int16 int16tiff
#define uint16 uint16tiff
@@ -64,6 +71,10 @@
TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric);
+ if (oversized (imagewidth, imagelength)) {
+ failwith_oversized("tiff");
+ }
+
if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){
if( imagebits != 8 ){
failwith("Sorry, tiff rgb file must be 24bit-color");

10
ocaml-camlimages.spec
View File

@ -4,7 +4,7 @@
Name: ocaml-camlimages
Version: 3.0.1
Release: 12%{?dist}
Release: 12%{?dist}.1
Summary: OCaml image processing library
Group: Development/Libraries
@ -20,6 +20,9 @@ Patch0: camlimages-3.0.1-display-module.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4
Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=528732
Patch2: camlimages-oversized-tiff-check-CVE-2009-3296.patch
BuildRequires: ocaml >= 3.10.1
BuildRequires: ocaml-lablgtk-devel
BuildRequires: ocaml-x11
@ -67,6 +70,7 @@ Includes documentation provided by ocamldoc
# the examples/liv directory, so rename it:
%patch0 -p1
%patch1 -p1
%patch2 -p1
aclocal -I .
automake
autoconf
@ -112,6 +116,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Fri Oct 16 2009 Richard W.M. Jones <rjones@redhat.com> - 3.0.1-12.fc12.1
- ocaml-camlimages: TIFF reader multiple integer overflows
(CVE 2009-3296 / RHBZ#528732).
* Tue Sep 29 2009 Richard W.M. Jones <rjones@redhat.com> - 3.0.1-12
- Force rebuild against newer lablgtk.