wok-next diff lcms/stuff/patches/lcms-1.19-cve_2013_4276-1.patch @ rev 20921
flake8 -> python-flake8
| author | Aleksej Bobylev <al.bobylev@gmail.com> |
|---|---|
| date | Wed Aug 22 11:18:36 2018 +0300 (2018-08-22) |
| parents | |
| children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/lcms/stuff/patches/lcms-1.19-cve_2013_4276-1.patch Wed Aug 22 11:18:36 2018 +0300 1.3 @@ -0,0 +1,74 @@ 1.4 +Submitted By: Fernando de Oliveira <famobr at yahoo dot com dot br> 1.5 +Date: 2015-03-24 1.6 +Initial Package Version: 1.19 1.7 +Upstream Status: unknown 1.8 +Origin: Arch Linux 1.9 +URL (CVE): https://www.suse.com/security/cve/CVE-2013-4276.html 1.10 +Description: Multiple stack-based buffer overflows in LittleCMS 1.11 + (aka lcms or liblcms) 1.19 and earlier allow remote 1.12 + attackers to cause a denial of service (crash) via a 1.13 + crafted (1) ICC color profile to the icctrans utility 1.14 + or (2) TIFF image to the tiffdiff utility. 1.15 + 1.16 +diff -ur lcms-1.19.dfsg/samples/icctrans.c lcms-1.19.dfsg-patched/samples/icctrans.c 1.17 +--- lcms-1.19.dfsg/samples/icctrans.c 2009-10-30 15:57:45.000000000 +0000 1.18 ++++ lcms-1.19.dfsg-patched/samples/icctrans.c 2013-08-06 11:53:14.385266647 +0100 1.19 +@@ -86,6 +86,8 @@ 1.20 + static LPcmsNAMEDCOLORLIST InputColorant = NULL; 1.21 + static LPcmsNAMEDCOLORLIST OutputColorant = NULL; 1.22 + 1.23 ++unsigned int Buffer_size = 4096; 1.24 ++ 1.25 + 1.26 + // isatty replacement 1.27 + 1.28 +@@ -500,7 +502,7 @@ 1.29 + 1.30 + Prefix[0] = 0; 1.31 + if (!lTerse) 1.32 +- sprintf(Prefix, "%s=", C); 1.33 ++ snprintf(Prefix, 20, "%s=", C); 1.34 + 1.35 + if (InHexa) 1.36 + { 1.37 +@@ -648,7 +650,9 @@ 1.38 + static 1.39 + void GetLine(char* Buffer) 1.40 + { 1.41 +- scanf("%s", Buffer); 1.42 ++ char User_buffer[Buffer_size]; 1.43 ++ fgets(User_buffer, (Buffer_size - 1), stdin); 1.44 ++ sscanf(User_buffer,"%s", Buffer); 1.45 + 1.46 + if (toupper(Buffer[0]) == 'Q') { // Quit? 1.47 + 1.48 +@@ -668,7 +672,7 @@ 1.49 + static 1.50 + double GetAnswer(const char* Prompt, double Range) 1.51 + { 1.52 +- char Buffer[4096]; 1.53 ++ char Buffer[Buffer_size]; 1.54 + double val = 0.0; 1.55 + 1.56 + if (Range == 0.0) { // Range 0 means double value 1.57 +@@ -738,7 +742,7 @@ 1.58 + static 1.59 + WORD GetIndex(void) 1.60 + { 1.61 +- char Buffer[4096], Name[40], Prefix[40], Suffix[40]; 1.62 ++ char Buffer[Buffer_size], Name[40], Prefix[40], Suffix[40]; 1.63 + int index, max; 1.64 + 1.65 + max = cmsNamedColorCount(hTrans)-1; 1.66 +diff -ur lcms-1.19.dfsg/tifficc/tiffdiff.c lcms-1.19.dfsg-patched/tifficc/tiffdiff.c 1.67 +--- lcms-1.19.dfsg/tifficc/tiffdiff.c 2009-10-30 15:57:46.000000000 +0000 1.68 ++++ lcms-1.19.dfsg-patched/tifficc/tiffdiff.c 2013-08-06 11:49:06.698951157 +0100 1.69 +@@ -633,7 +633,7 @@ 1.70 + cmsIT8SetSheetType(hIT8, "TIFFDIFF"); 1.71 + 1.72 + 1.73 +- sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2); 1.74 ++ snprintf(Buffer, 256, "Differences between %s and %s", TiffName1, TiffName2); 1.75 + 1.76 + cmsIT8SetComment(hIT8, Buffer); 1.77 +