rpms
/
slic3r
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Security fix for CVE-2020-28591

This commit is contained in:
Miro Hrončok 2021-03-18 10:25:50 +01:00
parent 7e168e41ba
commit 6762986f74
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
slic3r-CVE-2020-28591.patch Normal file
View File

@ -0,0 +1,21 @@
diff --git a/xs/src/libslic3r/IO/AMF.cpp b/xs/src/libslic3r/IO/AMF.cpp
index 7433762..42e6491 100644
--- a/xs/src/libslic3r/IO/AMF.cpp
+++ b/xs/src/libslic3r/IO/AMF.cpp
@@ -344,9 +344,13 @@ void AMFParserContext::endElement(const char *name)
// Faces of the current volume:
case NODE_TYPE_TRIANGLE:
assert(m_object && m_volume);
- m_volume_facets.push_back(atoi(m_value[0].c_str()));
- m_volume_facets.push_back(atoi(m_value[1].c_str()));
- m_volume_facets.push_back(atoi(m_value[2].c_str()));
+ if (strtoul(m_value[0].c_str(), nullptr, 10) < m_object_vertices.size() &&
+ strtoul(m_value[1].c_str(), nullptr, 10) < m_object_vertices.size() &&
+ strtoul(m_value[2].c_str(), nullptr, 10) < m_object_vertices.size()) {
+ m_volume_facets.push_back(atoi(m_value[0].c_str()));
+ m_volume_facets.push_back(atoi(m_value[1].c_str()));
+ m_volume_facets.push_back(atoi(m_value[2].c_str()));
+ }
m_value[0].clear();
m_value[1].clear();
m_value[2].clear();

12
slic3r.spec
View File

@ -5,7 +5,7 @@
Name: slic3r
Version: 1.3.0
Release: 18%{?dist}
Release: 19%{?dist}
Summary: G-code generator for 3D printers (RepRap, Makerbot, Ultimaker etc.)
License: AGPLv3 and CC-BY
# Images are CC-BY, code is AGPLv3
@ -32,6 +32,10 @@ Patch9: %{name}-bind-placeholders.patch
# Use boost/nowide/cstdlib.hpp instead of boost/nowide/cenv.hpp (PR#4976)
Patch10: %{name}-boost-nowide.patch
# Security fix for CVE-2020-28591
# https://github.com/slic3r/Slic3r/pull/5063
Patch11: %{name}-CVE-2020-28591.patch
Source1: %{name}.desktop
Source2: %{name}.appdata.xml
@ -137,6 +141,7 @@ for more information.
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
# Optional removals
%if %{use_system_admesh}
@ -249,6 +254,11 @@ SLIC3R_NO_AUTO=1 perl Build.PL installdirs=vendor
%{_datadir}/%{name}
%changelog
* Thu Mar 18 2021 Miro Hrončok <mhroncok@redhat.com> - 1.3.0-19
- Security fix for CVE-2020-28591
- Resolves: rhbz#1934823
- Resolves: rhbz#1934824
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild