[freexl] 03/04: Add patch to fix vulnerabilities identified by American Fuzzy Lop.
Sebastiaan Couwenberg
sebastic at moszumanska.debian.org
Thu Mar 26 19:27:27 UTC 2015
This is an automated email from the git hooks/post-receive script.
sebastic pushed a commit to branch wheezy
in repository freexl.
commit f845ebd9ccb681ebab93ac6953247194c0d4b959
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date: Thu Mar 26 11:38:10 2015 +0100
Add patch to fix vulnerabilities identified by American Fuzzy Lop.
---
debian/changelog | 2 +
debian/patches/afl-vulnerabilitities.patch | 63 ++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 66 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 2d7a7c3..a337fd3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ freexl (1.0.0b-2) UNRELEASED; urgency=medium
* Add myself to Uploaders.
* Update Vcs-* URLs for move to pkg-grass & wheezy branch for Vcs-Git.
+ * Add patch to fix vulnerabilities identified by American Fuzzy Lop.
+ (closes: #781228)
-- Bas Couwenberg <sebastic at debian.org> Thu, 26 Mar 2015 11:11:41 +0100
diff --git a/debian/patches/afl-vulnerabilitities.patch b/debian/patches/afl-vulnerabilitities.patch
new file mode 100644
index 0000000..a03b721
--- /dev/null
+++ b/debian/patches/afl-vulnerabilitities.patch
@@ -0,0 +1,63 @@
+Description: Fix critical bugs identified by American Fuzzy Lop.
+Origin: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1
+Author: Alessandro Furieri <a.furieri at lqt.it>
+Bug-Debian: https://bugs.debian.org/781228
+
+--- a/src/freexl.c
++++ b/src/freexl.c
+@@ -1062,6 +1062,11 @@ allocate_cells (biff_workbook * workbook
+ unsigned int col;
+ biff_cell_value *p_cell;
+
++ if (workbook == NULL)
++ return FREEXL_NULL_ARGUMENT;
++ if (workbook->active_sheet == NULL)
++ return FREEXL_NULL_ARGUMENT;
++
+ /* allocating the cell values array */
+ workbook->active_sheet->cell_values =
+ malloc (sizeof (biff_cell_value) *
+@@ -1707,6 +1712,11 @@ parse_SST (biff_workbook * workbook, int
+ swap32 (&n_strings);
+ p_string = workbook->record + 8;
+ workbook->shared_strings.string_count = n_strings.value;
++ if (workbook->shared_strings.string_count > 1024 * 1024)
++ {
++ /* unexpected huge count ... cowardly giving up ... */
++ return FREEXL_INSUFFICIENT_MEMORY;
++ }
+ workbook->shared_strings.utf8_strings =
+ malloc (sizeof (char **) * workbook->shared_strings.string_count);
+ for (i_string = 0; i_string < workbook->shared_strings.string_count;
+@@ -3634,6 +3644,8 @@ read_biff_next_record (biff_workbook * w
+ unsigned int already_done;
+ unsigned int chunk =
+ workbook->sector_end - (workbook->p_in - workbook->sector_buf);
++ if (workbook->sector_end <= (workbook->p_in - workbook->sector_buf))
++ return -1;
+ memcpy (workbook->record, workbook->p_in, chunk);
+ workbook->p_in += chunk;
+ already_done = chunk;
+@@ -3710,6 +3722,10 @@ read_mini_biff_next_record (biff_workboo
+ workbook->record_type = record_type.value;
+ workbook->record_size = record_size.value;
+
++ if ((workbook->p_in - workbook->fat->miniStream) + workbook->record_size >
++ (int) workbook->size)
++ return 0; /* unexpected EOF */
++
+ memcpy (workbook->record, workbook->p_in, workbook->record_size);
+ workbook->p_in += record_size.value;
+
+@@ -3947,7 +3963,10 @@ common_open (const char *path, const voi
+ p_sheet->columns += 1;
+ ret = allocate_cells (workbook);
+ if (ret != FREEXL_OK)
+- return ret;
++ {
++ errcode = ret;
++ goto stop;
++ }
+ p_sheet->valid_dimension = 1;
+ workbook->second_pass = 1;
+ }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..079be2f
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+afl-vulnerabilitities.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/freexl.git
More information about the Pkg-grass-devel
mailing list