[file/f21] fix #1155464 - fix for CVE-2014-3710

Jan Kaluža jkaluza at fedoraproject.org
Thu Oct 23 07:20:07 UTC 2014


commit d88099c933f9ee9ebeade2a26aca207ad55359eb
Author: Jan Kaluza <jkaluza at redhat.com>
Date:   Thu Oct 23 09:20:08 2014 +0200

    fix #1155464 - fix for CVE-2014-3710

 file-5.20-CVE-2014-3710.patch |   28 ++++++++++++++++++++++++++++
 file.spec                     |    7 ++++++-
 2 files changed, 34 insertions(+), 1 deletions(-)
---
diff --git a/file-5.20-CVE-2014-3710.patch b/file-5.20-CVE-2014-3710.patch
new file mode 100644
index 0000000..0fcf703
--- /dev/null
+++ b/file-5.20-CVE-2014-3710.patch
@@ -0,0 +1,28 @@
+From 39c7ac1106be844a5296d3eb5971946cc09ffda0 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos at zoulas.com>
+Date: Fri, 17 Oct 2014 15:49:00 +0000
+Subject: [PATCH] Fix note bounds reading, Francisco Alonso / Red Hat
+
+---
+ ChangeLog     | 4 ++++
+ src/readelf.c | 9 ++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 08f81f5..9ebdebd 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
+ 	uint32_t namesz, descsz;
+ 	unsigned char *nbuf = CAST(unsigned char *, vbuf);
+ 
++	if (xnh_sizeof + offset > size) {
++		/*
++		 * We're out of note headers.
++		 */
++		return xnh_sizeof + offset;
++	}
++
+ 	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
+ 	offset += xnh_sizeof;
+ 
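Review bot: The new guard `if (xnh_sizeof + offset > size)` at the top of donote() is written as an addition, which wraps for an `offset` close to SIZE_MAX and would then let the `memcpy` below read outside `vbuf`; the subtraction form cannot wrap: `if (offset > size || xnh_sizeof > size - offset)`. Whether any caller can pass such an offset is not visible here, because donote() begins and continues outside the hunk, so treat this as hardening rather than a confirmed gap. The guard also covers only the fixed-size note header; the `namesz` and `descsz` lengths read from it need their own checks against `size` further down, which this hunk does not show. Since the file is a copy of the upstream commit, the change is best raised upstream so the downstream patch stays identical to it.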
diff --git a/file.spec b/file.spec
index f9765da..dadcdbf 100644
--- a/file.spec
+++ b/file.spec
@@ -4,7 +4,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.19
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: BSD
 Group: Applications/File
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -24,6 +24,7 @@ Patch11: file-5.19-locale-archive.patch
 Patch12: file-5.19-msooxml.patch
 Patch13: file-5.19-python-3.4.patch
 Patch14: file-5.19-cafebabe.patch
+Patch15: file-5.20-CVE-2014-3710.patch
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
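Review bot: `Patch15` is added without a provenance comment, and its `file-5.20-` prefix differs from the `file-5.19-` prefix of the neighbouring patches and from `Version: 5.19`. A one-line comment above it would make the backport auditable, for example `# Backport of upstream commit 39c7ac1106be (readelf.c note bounds check), CVE-2014-3710, bug #1155464`. The embedded patch's diffstat still lists `ChangeLog` although only the `src/readelf.c` hunk is carried, so the comment could also record that the ChangeLog part was dropped.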
@@ -98,6 +99,7 @@ file(1) command.
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
 
 # Patches can generate *.orig files, which can't stay in the magic dir,
 # otherwise there will be problems with compiling magic file!
@@ -206,6 +208,9 @@ cd %{py3dir}
 %endif
 
 %changelog
+* Thu Oct 23 2014 Jan Kaluza <jkaluza at redhat.com> - 5.19-7
+- fix #1155464 - fix for CVE-2014-3710
+
 * Wed Sep 03 2014 Jan Kaluza <jkaluza at redhat.com> - 5.19-6
 - fix #1134580 - detect Mach-O universal binary
 

