[file/f20] fix redefinition of OFFSET_OOB in CVE-2014-2270 patch
Jan Kaluža
jkaluza at fedoraproject.org
Mon Mar 24 08:31:05 UTC 2014
commit 7eb85bd79d5ac662dfff381949b1c504c26ca24a
Author: Jan Kaluza <jkaluza at redhat.com>
Date: Mon Mar 24 09:31:09 2014 +0100
fix redefinition of OFFSET_OOB in CVE-2014-2270 patch
file-5.14-CVE-2014-1943.patch | 2 +-
file-5.14-CVE-2014-2270.patch | 8 --------
file.spec | 5 ++++-
3 files changed, 5 insertions(+), 10 deletions(-)
---
diff --git a/file-5.14-CVE-2014-1943.patch b/file-5.14-CVE-2014-1943.patch
index 5885118..7dcf22a 100644
--- a/file-5.14-CVE-2014-1943.patch
+++ b/file-5.14-CVE-2014-1943.patch
@@ -45,7 +45,7 @@ index 108d419..d543f87 100644
#include <stdlib.h>
#include <time.h>
-+#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o)))
++#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o)))
private int match(struct magic_set *, struct magic *, uint32_t,
const unsigned char *, size_t, size_t, int, int, int, int, int *, int *,
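Review bot: The added `OFFSET_OOB` line changes the comparison from `>=` to `>`, which relaxes the bounds check by one byte, yet the commit message only mentions removing a redefinition. With `>` the macro is correct only if `i` is always the number of bytes read starting at offset `o`, so that a read of exactly `n - o` bytes ends at the end of the buffer. If any caller passes an index, or a count smaller than the real access width, the boundary case becomes an over-read; the call sites are outside this hunk, so each one should be checked. The definition would benefit from a comment such as `/* true if reading i bytes at offset o would run past a buffer of n bytes; i is a length, not an index */`. It is also worth noting there that the arguments are evaluated twice and that `(n) - (o)` relies on the `(n) < (o)` test running first so the subtraction cannot wrap.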
diff --git a/file-5.14-CVE-2014-2270.patch b/file-5.14-CVE-2014-2270.patch
index 69505eb..858390d 100644
--- a/file-5.14-CVE-2014-2270.patch
+++ b/file-5.14-CVE-2014-2270.patch
@@ -2,14 +2,6 @@ diff --git a/src/softmagic.c b/src/softmagic.c
index d543f87..e84205d 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
-@@ -63,6 +63,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
- private void cvt_32(union VALUETYPE *, const struct magic *);
- private void cvt_64(union VALUETYPE *, const struct magic *);
-
-+#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o)))
- /*
- * softmagic - lookup one file in parsed, in-memory copy of database
- * Passed the name and FILE * of one file to be typed.
@@ -1196,7 +1197,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
}
switch (cvt_flip(m->in_type, flip)) {
diff --git a/file.spec b/file.spec
index 96fa380..87a1f72 100644
--- a/file.spec
+++ b/file.spec
@@ -4,7 +4,7 @@
Summary: A utility for determining file types
Name: file
Version: 5.14
-Release: 18%{?dist}
+Release: 19%{?dist}
License: BSD
Group: Applications/File
Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -200,6 +200,9 @@ cd %{py3dir}
%endif
%changelog
+* Mon Mar 24 2014 Jan Kaluza <jkaluza at redhat.com> - 5.14-19
+- fix redefinition of OFFSET_OOB in CVE-2014-2270 patch
+
* Mon Mar 24 2014 Jan Kaluza <jkaluza at redhat.com> - 5.14-18
- fix #1079847 - fix for CVE-2013-7345