From: Nathan Owens
To: alpine-aports@lists.alpinelinux.org
Cc: Nathan Owens
Subject: [PATCH] main/file
Date: Tue, 22 Oct 2019 20:11:40 +0000
Message-Id: <20191022201140.1035-1-ndowens04@gmail.com>
X-Mailer: git-send-email 2.23.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218
Patch: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84?diff=unified
--- main/file/APKBUILD | 10 ++++-- main/file/CVE-2019-18218.patch | 59 ++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 main/file/CVE-2019-18218.patch diff --git a/main/file/APKBUILD b/main/file/APKBUILD index 433245e420..62d9e27554 100644 --- a/main/file/APKBUILD +++ b/main/file/APKBUILD @@ -9,7 +9,8 @@ arch="all" license="BSD-2-Clause" makedepends="autoconf libtool automake" subpackages="$pkgname-dev $pkgname-doc libmagic" -source=$pkgname-$pkgver.tar.gz::https://github.com/file/file/archive/FILE${pkgver/./_}.tar.gz +source="$pkgname-$pkgver.tar.gz::https://github.com/file/file/archive/FILE${pkgver/./_}.tar.gz + CVE-2019-18218.patch" builddir="$srcdir/$pkgname-FILE${pkgver/./_}" # secfixes: @@ -20,6 +21,10 @@ builddir="$srcdir/$pkgname-FILE${pkgver/./_}" # - CVE-2019-8906 # - CVE-2019-8907 +prepare() { + #secfix CVE-2019-18218 + patch -p1 -i "$srcdir"/CVE-2019-18218.patch +} build() { SH_LIBTOOL='/usr/share/build-1/libtool' autoreconf -f -i ./configure \ 
@@ -44,4 +49,5 @@ libmagic() { mv "$pkgdir"/usr/lib "$pkgdir"/usr/share "$subpkgdir"/usr } -sha512sums="9b6ae3dd910a03d2161c91ebc75ac91eb7dbd279563462b77daf902d9ae9f0a70de12c37a498b20c6357d6594059d01841bfd104592107b65c08d8343fca19d2 file-5.37.tar.gz" +sha512sums="9b6ae3dd910a03d2161c91ebc75ac91eb7dbd279563462b77daf902d9ae9f0a70de12c37a498b20c6357d6594059d01841bfd104592107b65c08d8343fca19d2 file-5.37.tar.gz +62f9b2fc8f3daeeaa82b5f1fada4ebf84c149ff127b96d610ab210a2b581c5a29385d3b9267fbacc4cadb22ddfafeb5550aab6a926eba099c36e041e11b4a0e5 CVE-2019-18218.patch" diff --git a/main/file/CVE-2019-18218.patch b/main/file/CVE-2019-18218.patch new file mode 100644 index 0000000000..f86e2709ea --- /dev/null +++ b/main/file/CVE-2019-18218.patch 
@@ -0,0 +1,59 @@ +From b15ccbf355faa2203cccd4e29fa6206b1a1aa1b8 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Mon, 26 Aug 2019 14:31:39 +0000 +Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz) + +--- + src/cdf.c | 9 ++++----- + src/cdf.h | 1 + + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/cdf.c b/src/cdf.c +index 556a3ff8..e4835fef 100644 +--- a/src/cdf.c ++++ b/src/cdf.c +@@ -35,7 +35,7 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: cdf.c,v 1.114 2019/02/20 02:35:27 christos Exp $") ++FILE_RCSID("@(#)$File: cdf.c,v 1.116 2019/08/26 14:31:39 christos Exp $") + #endif + + #include +@@ -1013,8 +1013,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, + goto out; + } + nelements = CDF_GETUINT32(q, 1); +- if (nelements == 0) { +- DPRINTF(("CDF_VECTOR with nelements == 0\n")); ++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { ++ DPRINTF(("CDF_VECTOR with nelements == %" ++ SIZE_T_FORMAT "u\n", nelements)); + goto out; + } + slen = 2; +@@ -1056,8 +1057,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, + goto out; + inp += nelem; + } +- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", +- nelements)); + for (j = 0; j < nelements && i < sh.sh_properties; + j++, i++) + { +diff --git a/src/cdf.h b/src/cdf.h +index 2f7e554b..05056668 100644 +--- a/src/cdf.h ++++ b/src/cdf.h +@@ -48,6 +48,7 @@ + typedef int32_t cdf_secid_t; + + #define CDF_LOOP_LIMIT 10000 ++#define CDF_ELEMENT_LIMIT 100000 + + #define CDF_SECID_NULL 0 + #define CDF_SECID_FREE -1 +-- +2.23.0 + -- 2.23.0
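Review bot: The prepare() added in the APKBUILD hunk at @@ -20,6 +21,10 is not needed and overrides abuild's default prepare step: with CVE-2019-18218.patch already listed in source, default_prepare applies it. Drop the function, or if an override is wanted, call default_prepare inside it instead of invoking patch by hand. The same hunk leaves the "# secfixes:" block directly above it unchanged, and no hunk in the APKBUILD diff touches pkgrel; add CVE-2019-18218 under a new entry in secfixes and bump pkgrel so the fixed build is published as a new revision and the fix is recorded. A blank line between the closing } and build() would keep the functions visually separated.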
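Review bot: The first cdf.c hunk inside CVE-2019-18218.patch (@@ -35,7 +35,7) only rewrites the FILE_RCSID string from 1.114 to 1.116 and is not part of the fix; it applies cleanly only if the 5.37 tarball carries exactly the 1.114 line, so it is the part of the backport most likely to be rejected. Drop that hunk and keep the nelements check and the cdf.h define. The patch header also names commit b15ccbf355faa2203cccd4e29fa6206b1a1aa1b8 while the message links upstream commit 46a8443f76cec4b41ec736eca396984c74664f84; state in the patch header that it is a backport of the linked upstream commit so the two can be matched.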
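Review bot: CDF_ELEMENT_LIMIT in the cdf.h hunk (@@ -48,6 +48,7) is added with no comment on what it bounds or why the value is 100000. A one-line comment saying it caps the nelements count read from a CDF_VECTOR property in cdf_read_property_info would make the limit easier to audit next to CDF_LOOP_LIMIT.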