Gentoo's Bugzilla – Attachment 381674 Details for
Bug 503582
<sys-apps/file-5.18: out-of-bounds memory access when parsing Portable Executable (PE) format files (CVE-2014-2270)
[patch]
file-5.11-CVE-2014-2270.patch
file-5.11-CVE-2014-2270.patch (text/plain), 3.69 KB, created by
Andrey Ovcharov
on 2014-07-27 19:07:33 UTC
Description:
file-5.11-CVE-2014-2270.patch
Filename:
MIME Type:
Creator:
Andrey Ovcharov
Created:
2014-07-27 19:07:33 UTC
Size:
3.69 KB
>diff --git a/src/softmagic.c b/src/softmagic.c
>index 56f09ee..8d08cad 100644
>--- a/src/softmagic.c
>+++ b/src/softmagic.c
>@@ -61,6 +61,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
> private void cvt_32(union VALUETYPE *, const struct magic *);
> private void cvt_64(union VALUETYPE *, const struct magic *);
>
>+#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o)))
> /*
> * softmagic - lookup one file in parsed, in-memory copy of database
> * Passed the name and FILE * of one file to be typed.
>@@ -1081,7 +1082,7 @@ mget(struct magic_set *ms, const unsigned char *s,
> }
> switch (m->in_type) {
> case FILE_BYTE:
>- if (nbytes < (offset + 1))
>+ if (OFFSET_OOB(nbytes, offset, 1))
> return 0;
> if (off) {
> switch (m->in_op & FILE_OPS_MASK) {
>@@ -1116,7 +1117,8 @@ mget(struct magic_set *ms, const unsigned char *s,
> offset = ~offset;
> break;
> case FILE_BESHORT:
>- if (nbytes < (offset + 2))
>+
>+ if (OFFSET_OOB(nbytes, offset, 2))
> return 0;
> if (off) {
> switch (m->in_op & FILE_OPS_MASK) {
>@@ -1168,7 +1170,7 @@ mget(struct magic_set *ms, const unsigned char *s,
> offset = ~offset;
> break;
> case FILE_LESHORT:
>- if (nbytes < (offset + 2))
>+ if (OFFSET_OOB(nbytes, offset, 2))
> return 0;
> if (off) {
> switch (m->in_op & FILE_OPS_MASK) {
>@@ -1220,7 +1222,7 @@ mget(struct magic_set *ms, const unsigned char *s,
> offset = ~offset;
> break;
> case FILE_SHORT:
>- if (nbytes < (offset + 2))
>+ if (OFFSET_OOB(nbytes, offset, 2))
> return 0;
> if (off) {
> switch (m->in_op & FILE_OPS_MASK) {
>@@ -1257,7 +1259,7 @@ mget(struct magic_set *ms, const unsigned char *s,
> break;
> case FILE_BELONG:
> case FILE_BEID3:
>- if (nbytes < (offset + 4))
>+ if (OFFSET_OOB(nbytes, offset, 4))
> return 0;
> if (off) {
> switch (m->in_op & FILE_OPS_MASK) {
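Review bot: The new `OFFSET_OOB` macro in the `@@ -61,6 +61,7 @@` hunk has no comment, and its safety rests on two things the hunks do not show: `(n) - (o)` stays in range only because the `(n) < (o)` test short-circuits first, and only if both operands are unsigned. I would add `/* True when i bytes starting at offset o do not fit in n bytes; uses n - o rather than o + i so a large offset cannot wrap past the check. */` directly above the definition. The macro also expands `n` and `o` twice, so every argument must be free of side effects; the call sites in this patch pass plain variables, literals and `m->vallen`, which is fine, but the constraint belongs in the same comment. The declarations of `nbytes` and `offset` are outside the hunks, so their unsignedness should be confirmed.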
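Review bot: A stray empty `+` line sits between `case FILE_BESHORT:` and the new check in the `@@ -1116,7 +1117,8 @@` hunk; none of the other converted cases have one. Dropping it keeps the case bodies uniform and makes this hunk a one-line replacement like its siblings. The case body continues outside the hunk.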
>@@ -1328,7 +1330,7 @@ mget(struct magic_set *ms, const unsigned char *s,
> break;
> case FILE_LELONG:
> case FILE_LEID3:
>- if (nbytes < (offset + 4))
>+ if (OFFSET_OOB(nbytes, offset, 4))
> return 0;
> if (off) {
> switch (m->in_op & FILE_OPS_MASK) {
>@@ -1398,7 +1400,7 @@ mget(struct magic_set *ms, const unsigned char *s,
> offset = ~offset;
> break;
> case FILE_MELONG:
>- if (nbytes < (offset + 4))
>+ if (OFFSET_OOB(nbytes, offset, 4))
> return 0;
> if (off) {
> switch (m->in_op & FILE_OPS_MASK) {
>@@ -1468,7 +1470,7 @@ mget(struct magic_set *ms, const unsigned char *s,
> offset = ~offset;
> break;
> case FILE_LONG:
>- if (nbytes < (offset + 4))
>+ if (OFFSET_OOB(nbytes, offset, 4))
> return 0;
> if (off) {
> switch (m->in_op & FILE_OPS_MASK) {
>@@ -1535,14 +1537,14 @@ mget(struct magic_set *ms, const unsigned char *s,
> /* Verify we have enough data to match magic type */
> switch (m->type) {
> case FILE_BYTE:
>- if (nbytes < (offset + 1)) /* should alway be true */
>+ if (OFFSET_OOB(nbytes, offset, 1))
> return 0;
> break;
>
> case FILE_SHORT:
> case FILE_BESHORT:
> case FILE_LESHORT:
>- if (nbytes < (offset + 2))
>+ if (OFFSET_OOB(nbytes, offset, 2))
> return 0;
> break;
>
>@@ -1561,26 +1563,26 @@ mget(struct magic_set *ms, const unsigned char *s,
> case FILE_FLOAT:
> case FILE_BEFLOAT:
> case FILE_LEFLOAT:
>- if (nbytes < (offset + 4))
>+ if (OFFSET_OOB(nbytes, offset, 4))
> return 0;
> break;
>
> case FILE_DOUBLE:
> case FILE_BEDOUBLE:
> case FILE_LEDOUBLE:
>- if (nbytes < (offset + 8))
>+ if (OFFSET_OOB(nbytes, offset, 8))
> return 0;
> break;
>
> case FILE_STRING:
> case FILE_PSTRING:
> case FILE_SEARCH:
>- if (nbytes < (offset + m->vallen))
>+ if (OFFSET_OOB(nbytes, offset, m->vallen))
> return 0;
> break;
>
> case FILE_REGEX:
>- if (nbytes < offset)
>+ if (OFFSET_OOB(nbytes, offset, 0))
> return 0;
> break;
>
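Review bot: For `FILE_REGEX` in the `@@ -1561,26 +1563,26 @@` hunk, `OFFSET_OOB(nbytes, offset, 0)` reduces to the old `nbytes < offset`, so `offset == nbytes` is still accepted and leaves a zero-length region at `s + offset`. If that is intended, a short comment such as `/* offset == nbytes is allowed: empty match region */` would record it; whether the regex path handles an empty region safely is not visible here. The same switch, which starts in the `@@ -1535,14 +1537,14 @@` hunk, shows bounds for 1, 2, 4 and 8 bytes, the string types and regex only. It continues outside the hunk, so it should be confirmed that every other `m->type` that reads from `s + offset` is bounded as well.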