git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Browse Source

Fix CVE-2014-3480

Christoph Biedl 11 years ago
parent
30e3545fb9
commit
fc270169cf
2 changed files with 39 additions and 0 deletions
Split View Show Diff Stats
  1. 38 0
      debian/patches/CVE-2014-3480.patch
  2. 1 0
      debian/patches/series

+ 38 - 0
debian/patches/CVE-2014-3480.patch
View File 

@@ -0,0 +1,38 @@
 
+Subject: The cdf_count_chain function does not properly validate sector-count data
 
+ID: CVE-2014-3480
 
+Author: Christos Zoulas <christos@zoulas.com>
 
+Date: Wed Jun 4 17:23:19 2014 +0000
 
+Origin:
 
+    commit 40bade80cbe2af1d0b2cd0420cebd5d5905a2382
 
+Debian-Author: Holger Levsen <holger@debian.org>
 
+Comment:
 
+ made apply cleanly based on [origin]
 
+Reviewed-By: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
 
+Last-Update: 2014-09-07
 
+
 
+    Fix incorrect bounds check for sector count. (Francisco Alonso and Jan Kaluza
 
+    at RedHat)
 
+
 
+--- a/src/cdf.c
 
++++ b/src/cdf.c
 
+@@ -460,7 +460,8 @@
 
+ cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size)
 
+ {
 
+ 	size_t i, j;
 
+-	cdf_secid_t maxsector = (cdf_secid_t)(sat->sat_len * size);
 
++	cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size)
 
++	    / sizeof(maxsector));
 
+ 
+ 	DPRINTF(("Chain:"));
 
+ 	for (j = i = 0; sid >= 0; i++, j++) {
 
+@@ -470,8 +471,8 @@
 
+ 			errno = EFTYPE;
 
+ 			return (size_t)-1;
 
+ 		}
 
+-		if (sid > maxsector) {
 
+-			DPRINTF(("Sector %d > %d\n", sid, maxsector));
 
++		if (sid >= maxsector) {
 
++			DPRINTF(("Sector %d >= %d\n", sid, maxsector));
 
+ 			errno = EFTYPE;
 
+ 			return (size_t)-1;
 
+ 		}

+ 1 - 0
debian/patches/series
View File 

@@ -10,3 +10,4 @@ CVE-2014-0237.patch
 
 CVE-2014-0238.patch
 
 CVE-2014-3478.patch
 
 CVE-2014-3479.patch
 
+CVE-2014-3480.patch