packages/qpdf
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!28 [sync] PR-25: Fix CVE-2021-25786

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001
This commit is contained in:
openeuler-ci-bot 2023-08-21 07:49:41 +00:00 committed by Gitee
commit 7a536428a3
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 92 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
CVE-2021-25786.patch Normal file
View File

@ -0,0 +1,85 @@
From 74e00158f5da252b7f8e75e33dd9393f3ac6d3ef Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Mon, 21 Aug 2023 11:02:15 +0800
Subject: [PATCH 1/1] Fix some pipelines to be safe if downstream write fails (fuzz
issue 28262)
Origin:
https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5
---
libqpdf/Pl_AES_PDF.cc | 2 +-
libqpdf/Pl_ASCII85Decoder.cc | 7 +++++--
libqpdf/Pl_ASCIIHexDecoder.cc | 6 ++++--
libqpdf/Pl_Count.cc | 2 +-
4 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/libqpdf/Pl_AES_PDF.cc b/libqpdf/Pl_AES_PDF.cc
index 5c493cb..64c9f15 100644
--- a/libqpdf/Pl_AES_PDF.cc
+++ b/libqpdf/Pl_AES_PDF.cc
@@ -260,6 +260,6 @@ Pl_AES_PDF::flush(bool strip_padding)
}
}
}
- getNext()->write(this->outbuf, bytes);
this->offset = 0;
+ getNext()->write(this->outbuf, bytes);
}
diff --git a/libqpdf/Pl_ASCII85Decoder.cc b/libqpdf/Pl_ASCII85Decoder.cc
index 3a3b57b..4c888ee 100644
--- a/libqpdf/Pl_ASCII85Decoder.cc
+++ b/libqpdf/Pl_ASCII85Decoder.cc
@@ -119,10 +119,13 @@ Pl_ASCII85Decoder::flush()
QTC::TC("libtests", "Pl_ASCII85Decoder partial flush",
(this->pos == 5) ? 0 : 1);
- getNext()->write(outbuf, this->pos - 1);
-
+ // Reset before calling getNext()->write in case that throws an
+ // exception.
+ auto t = this->pos - 1;
this->pos = 0;
memset(this->inbuf, 117, 5);
+
+ getNext()->write(outbuf, t);
}
void
diff --git a/libqpdf/Pl_ASCIIHexDecoder.cc b/libqpdf/Pl_ASCIIHexDecoder.cc
index d6acab2..6855a25 100644
--- a/libqpdf/Pl_ASCIIHexDecoder.cc
+++ b/libqpdf/Pl_ASCIIHexDecoder.cc
@@ -97,12 +97,14 @@ Pl_ASCIIHexDecoder::flush()
QTC::TC("libtests", "Pl_ASCIIHexDecoder partial flush",
(this->pos == 2) ? 0 : 1);
- getNext()->write(&ch, 1);
-
+ // Reset before calling getNext()->write in case that throws an
+ // exception.
this->pos = 0;
this->inbuf[0] = '0';
this->inbuf[1] = '0';
this->inbuf[2] = '\0';
+
+ getNext()->write(&ch, 1);
}
void
diff --git a/libqpdf/Pl_Count.cc b/libqpdf/Pl_Count.cc
index c76a5e2..6dec58a 100644
--- a/libqpdf/Pl_Count.cc
+++ b/libqpdf/Pl_Count.cc
@@ -17,8 +17,8 @@ Pl_Count::write(unsigned char* buf, size_t len)
if (len)
{
this->count += len;
- getNext()->write(buf, len);
this->last_char = buf[len - 1];
+ getNext()->write(buf, len);
}
}
--
2.30.0

8
qpdf.spec
View File

@ -1,6 +1,6 @@
Name: qpdf
Version: 8.4.2
Release: 3
Release: 4
Summary: A command-line program to transform PDF files
License: (Artistic 2.0 or ASL 2.0) and MIT
URL: http://qpdf.sourceforge.net/
@ -8,6 +8,8 @@ Source0: http://downloads.sourceforge.net/sourceforge/qpdf/qpdf-%{version
Patch0000: qpdf-doc.patch
Patch0001: qpdf-erase-tests-with-generated-object-stream.patch
# https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5
Patch0002: CVE-2021-25786.patch
BuildRequires: gcc gcc-c++ zlib-devel libjpeg-turbo-devel pcre-devel
BuildRequires: perl-interpreter perl-generators perl(Digest::MD5)
@ -42,6 +44,7 @@ This package contains some man help and other files for %{name}.
%prep
%setup
%patch0000 -p1
%patch0002 -p1
%ifarch aarch64
%patch0001 -p1
%endif
@ -84,6 +87,9 @@ make check
%{_mandir}/man1/*
%changelog
* Mon Aug 21 2023 yaoxin <yao_xin001@hoperun.com> - 8.4.2-4
- Fix CVE-2021-25786
* Tue Nov 29 2022 Ge Wang <wangge20@h-partners.com> - 8.4.2-3
- fix missing patch when get src package from x86 architecture