!1 package init

Merge pull request !1 from fun_yang/master

Sanity-check-size-passed-to-malloc.patch

@@ -0,0 +1,33 @@
+From 435a2ca802358a3debb6d164d2c33049131df81c Mon Sep 17 00:00:00 2001
+From: Phillip Hellewell <sshock@gmail.com>
+Date: Sat, 10 Mar 2018 18:05:39 -0700
+Subject: [PATCH 3/4] Sanity check size passed to malloc...
+
+Add sanity check before calling malloc in af_get_page() function to
+avoid undefined behavior (e.g., seg fault) when dealing with a corrupt
+AFF image with an invalid pagesize.
+
+Issue found by Luis Rocha (luiscrocha@gmail.com).
+---
+ lib/afflib_pages.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/afflib_pages.cpp b/lib/afflib_pages.cpp
+index 2569c2a..f8cf775 100644
+--- a/lib/afflib_pages.cpp
++++ b/lib/afflib_pages.cpp
+@@ -219,6 +219,11 @@ int af_get_page(AFFILE *af,int64_t pagenum,unsigned char *data,size_t *bytes)
+ 	    return -3;			// read error
+ 	}
+ 
++	/* Sanity check to avoid undefined behaviour when calling malloc below with pagesize from a corrupt AFF image. */
++	if(af->image_pagesize <= 0 || af->image_pagesize > 16*1024*1024)
++	    return -1;
++
++
+ 	/* Now uncompress directly into the buffer provided by the caller, unless the caller didn't
+ 	 * provide a buffer. If that happens, allocate our own...
+ 	 */
+-- 
+2.13.6
+

afflib.spec

@@ -0,0 +1,79 @@
+Name:           afflib
+Version:        3.7.16
+Release:        8
+Summary:        Libraries supporting advanced forensic formats
+
+License:        BSD with advertising
+URL:            https://github.com/sshock/AFFLIBv3
+Source0:        %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         Sanity-check-size-passed-to-malloc.patch
+
+BuildRequires:  gcc-c++ libtool curl-devel expat-devel lzma-devel zlib-devel
+BuildRequires:  ncurses-devel libtermcap-devel openssl-devel python2-devel
+
+Provides:      afftools = %{version}-%{release}
+Obsoletes:     afftools < %{version}-%{release}
+
+%description
+AFF® is an open and extensible file format designed to store
+disk images and associated metadata.
+
+%package        devel
+Summary:        Development files for %{name}
+Requires:       %{name} = %{version}-%{release}
+Requires:       openssl-devel pkgconfig
+
+%description    devel
+The %{name}-devel package contains libraries for
+developing applications that use %{name}.
+
+%package        help
+Summary:        Help for %{name}
+
+%description  help
+The %{name}-help package contains help for %{name}.
+
+%prep
+%autosetup -p1 -n AFFLIBv3-%{version}
+
+find lzma443 -type f -exec chmod 0644 {} ';'
+chmod 0644 lib/base64.{h,cpp}
+
+./bootstrap.sh
+
+%build
+%configure --enable-shared --disable-static --enable-python=yes --enable-s3=yes
+
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
+%make_build
+
+
+%install
+%make_install
+%delete_la
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%license COPYING
+%{_libdir}/*.so.*
+%{_bindir}/aff*
+%{python2_sitearch}/*
+
+%files devel
+%doc doc/crypto_design.txt doc/crypto_doc.txt
+%{_includedir}/afflib/
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/afflib.pc
+
+%files help
+%doc AUTHORS BUGLIST.txt ChangeLog NEWS README
+%doc doc/announce_2.2.txt
+%{_mandir}/man1/aff*.1.*
+
+%changelog
+* Wed Feb 22 2019 yangjian<yangjian79@huawei.com> - 3.7.16-8
+- Package init