packages/libtiff
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!167 [sync] PR-163: fix CVE-2023-3316

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2023-06-26 06:38:14 +00:00 committed by Gitee
commit cb741ce6bf
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
backport-CVE-2023-3316.patch Normal file
View File

@ -0,0 +1,56 @@
From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Fri, 3 Feb 2023 17:38:55 +0100
Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515
Closes #515
Reference:https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536
Conflict:Adaptation Context
---
libtiff/tif_close.c | 11 +++++++----
tools/tiffcrop.c | 5 ++++-
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
index 674518a..d1501fa 100644
--- a/libtiff/tif_close.c
+++ b/libtiff/tif_close.c
@@ -120,11 +120,14 @@ TIFFCleanup(TIFF* tif)
void
TIFFClose(TIFF* tif)
{
- TIFFCloseProc closeproc = tif->tif_closeproc;
- thandle_t fd = tif->tif_clientdata;
+ if (tif != NULL)
+ {
+ TIFFCloseProc closeproc = tif->tif_closeproc;
+ thandle_t fd = tif->tif_clientdata;
- TIFFCleanup(tif);
- (void) (*closeproc)(fd);
+ TIFFCleanup(tif);
+ (void)(*closeproc)(fd);
+ }
}
/* vim: set ts=8 sts=8 sw=8 noet: */
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index 55269d6..3f839d1 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -2553,7 +2553,10 @@ main(int argc, char* argv[])
}
}
- TIFFClose(out);
+ if (out != NULL)
+ {
+ TIFFClose(out);
+ }
return (0);
} /* end main */
--
2.33.0

6
libtiff.spec
View File

@ -1,6 +1,6 @@
Name: libtiff Name: libtiff
Version: 4.3.0 Version: 4.3.0
Release: 26 Release: 27
Summary: TIFF Library and Utilities Summary: TIFF Library and Utilities
License: libtiff License: libtiff
URL: https://www.simplesystems.org/libtiff/ URL: https://www.simplesystems.org/libtiff/
@ -37,6 +37,7 @@ Patch6027: backport-0002-CVE-2023-0795-0796-0797-0798-0799.patch
Patch6028: backport-CVE-2023-0800-0801-0802-0803-0804.patch Patch6028: backport-CVE-2023-0800-0801-0802-0803-0804.patch
Patch6029: backport-CVE-2023-2731.patch Patch6029: backport-CVE-2023-2731.patch
Patch6030: backport-CVE-2023-26965.patch Patch6030: backport-CVE-2023-26965.patch
Patch6031: backport-CVE-2023-3316.patch
Patch9000: fix-raw2tiff-floating-point-exception.patch Patch9000: fix-raw2tiff-floating-point-exception.patch
@ -160,6 +161,9 @@ find html -name 'Makefile*' | xargs rm
%exclude %{_datadir}/html/man/tiffgt.1.html %exclude %{_datadir}/html/man/tiffgt.1.html
%changelog %changelog
* Sun Jun 25 2023 zhangpan <zhangpan103@h-partners.com> - 4.3.0-27
- fix CVE-2023-3316
* Thu Jun 15 2023 zhangpan <zhangpan103@h-partners.com> - 4.3.0-26 * Thu Jun 15 2023 zhangpan <zhangpan103@h-partners.com> - 4.3.0-26
- fix CVE-2023-26965 - fix CVE-2023-26965