
CVE-2017-1000249: stack based buffer overflow via specially crafted .notes section in an ELF binary

Salvatore Bonaccorso 6 years ago
parent
commit
4e36d32714

+ 26 - 0
debian/patches/cherry-pick.FILE5_31-36-g35c94dc6.Fix-always-true-condition-Thomas-Jarosch.patch

@@ -0,0 +1,26 @@
+From: Christos Zoulas <christos@zoulas.com>
+Date: Sun, 27 Aug 2017 07:55:02 +0000
+Subject: Fix always true condition (Thomas Jarosch)
+Origin: https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-1000249
+
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 81451827..5f425c97 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+     size_t noff, size_t doff, int *flags)
+ {
+ 	if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
+-	    type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) {
++	    type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
+ 		uint8_t desc[20];
+ 		const char *btype;
+ 		uint32_t i;
+-- 
+2.14.1
+
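Review bot: The corrected condition in do_bid_note hard-codes the upper bound `20` separately from the `uint8_t desc[20];` declared on the next line, so the check and the buffer size can drift apart again without a compiler warning. The body that uses `desc` lies outside this hunk, but presumably `descsz` bytes are copied into it, which makes this condition the only guard on that stack buffer. I would tie the two together with a shared constant (name constructed here), e.g. `enum { BUILD_ID_DESC_MAX = 20 };` used as `descsz <= BUILD_ID_DESC_MAX` and `uint8_t desc[BUILD_ID_DESC_MAX];`. A comment above the `if` would also help, such as `/* descsz must not exceed sizeof(desc): it bounds the copy below */`.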

+ 1 - 0
debian/patches/series

@@ -24,6 +24,7 @@ cherry-pick.FILE5_30-47-gdc067431.fix-continuation-level-handling.patch
 cherry-pick.FILE5_30-48-gaee11eef.fix-out-of-bounds-read-found-by-oss-fuzz.patch
 cherry-pick.FILE5_30-49-gbf90083a.fix-memory-handling.patch
 cherry-pick.FILE5_30-52-gd8233d09.check-one-more-read-found-by-oss-fuzz.patch
+cherry-pick.FILE5_31-36-g35c94dc6.Fix-always-true-condition-Thomas-Jarosch.patch
 
 # local modifications
 local.support-local-definitions-in-etc-magic.patch