Fix CVE-2017-14860. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14860 https://nvd.nist.gov/vuln/detail/CVE-2017-14860 Copied from upstream: https://github.com/Exiv2/exiv2/commit/ff18fec24b119579df26fd2ebb8bb012cde102ce From ff18fec24b119579df26fd2ebb8bb012cde102ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Fri, 6 Oct 2017 23:09:08 +0200 Subject: [PATCH] Fix for CVE-2017-14860 A heap buffer overflow could occur in memcpy when icc.size_ is larger than data.size_ - pad, as then memcpy would read out of bounds of data. This commit adds a sanity check to iccLength (= icc.size_): if it is larger than data.size_ - pad (i.e. an overflow would be caused) an exception is thrown. This fixes #71. --- src/jp2image.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/jp2image.cpp b/src/jp2image.cpp index 747145cf..748d39b5 100644 --- a/src/jp2image.cpp +++ b/src/jp2image.cpp @@ -269,10 +269,15 @@ namespace Exiv2 std::cout << "Exiv2::Jp2Image::readMetadata: " << "Color data found" << std::endl; #endif - long pad = 3 ; // 3 padding bytes 2 0 0 + const long pad = 3 ; // 3 padding bytes 2 0 0 DataBuf data(subBox.length+8); io_->read(data.pData_,data.size_); - long iccLength = getULong(data.pData_+pad, bigEndian); + const long iccLength = getULong(data.pData_+pad, bigEndian); + // subtracting pad from data.size_ is safe: + // size_ is at least 8 and pad = 3 + if (iccLength > data.size_ - pad) { + throw Error(58); + } DataBuf icc(iccLength); ::memcpy(icc.pData_,data.pData_+pad,icc.size_); #ifdef DEBUG href='/guix/log/gnu?id=702f3911962eb541d07e1976b43bf39e829c6994'>gnu/machine
Fetch latest Guix build from ci.guix.gnu.org.
AgeCommit message (Expand)Author
2023-08-08system: Do not check initrd modules for pseudo file systems....Reported by hako on #guix. * gnu/machine/ssh.scm (machine-check-initrd-modules): Filter out pseudo file systems from 'file-systems'. * guix/scripts/system.scm (check-initrd-modules): Likewise. Ludovic Courtès
2022-11-17machine: ssh: Validate 'system' field.
2021-11-16daemon: Do not deduplicate files smaller than 8 KiB....Files smaller than 8 KiB typically represent ~70% of the entries in /gnu/store/.links but only contribute to ~4% of the space savings afforded by deduplication. Not considering these files for deduplication speeds up file insertion in the store and, more importantly, leaves 'removeUnusedLinks' with fewer entries to traverse, thereby speeding it up proportionally. Partly fixes <https://issues.guix.gnu.org/24937>. * config-daemon.ac: Remove symlink hard link check and CAN_LINK_SYMLINK definition. * guix/store/deduplication.scm (%deduplication-minimum-size): New variable. (deduplicate)[loop]: Do not recurse when FILE's size is below %DEDUPLICATION-MINIMUM-SIZE. (dump-port): New procedure. (dump-file/deduplicate)[hash]: Turn into... [dump-and-compute-hash]: ... this thunk. Call 'deduplicate' only when SIZE is greater than %DEDUPLICATION-MINIMUM-SIZE; otherwise call 'dump-port'. * nix/libstore/gc.cc (LocalStore::removeUnusedLinks): Drop files where st.st_size < deduplicationMinSize. * nix/libstore/local-store.hh (deduplicationMinSize): New declaration. * nix/libstore/optimise-store.cc (deduplicationMinSize): New variable. (LocalStore::optimisePath_): Return when PATH is a symlink or smaller than 'deduplicationMinSize'. * tests/derivations.scm ("identical files are deduplicated"): Produce files bigger than %DEDUPLICATION-MINIMUM-SIZE. * tests/nar.scm ("restore-file-set with directories (signed, valid)"): Likewise. * tests/store-deduplication.scm ("deduplicate, below %deduplication-minimum-size"): New test. ("deduplicate", "deduplicate, ENOSPC"): Produce files bigger than %DEDUPLICATION-MINIMUM-SIZE. * tests/store.scm ("substitute, deduplication"): Likewise. Ludovic Courtès
Ricardo Wurmus
2022-10-17guix: Fix typos....These typos were found and reported through weblate. * gnu/packages/audio.scm (wildmidi)[description]: Fix typo. * gnu/packages/games.scm (cgoban)[description]: Fix typo. * gnu/services/version-control.scm (gitolite-service-type)[description]: Fix typo. * gnu/installer/newt/substitutes.scm (run-substitutes-page): Remove full stop at end of title. * gnu/machine/ssh.scm (machine-ssh-configuration-system): Move punctuation outside of quotes. * guix/scripts/home.scm (process-action): Remove trailing space before newline. * guix/scripts/system.scm (show-help): Fix typo. * guix/scripts/environment.scm (with-store/maybe): Fix typo. Julien Lepiller
2022-09-26machine: ssh: Parameterize '%current-system' early on....Fixes <https://issues.guix.gnu.org/58084>. Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>. Previously, "sanity checks" and other operations would happen in a context where '%current-system' has its default value. Thus, running 'guix deploy' on x86_64-linux machine for an aarch64-linux one would lead things like '%base-initrd-modules' to see "x86_64-linux" as the '%current-system' value, in turn making the wrong choices. * gnu/machine/ssh.scm (check-deployment-sanity)[assertions]: Wrap in 'parameterize'. (deploy-managed-host): Likewise for the 'mlet' body. Ludovic Courtès
2022-09-04Fix misspelling of GUIX_DIGITAL_OCEAN_TOKEN....* gnu/machine/digital-ocean.scm (maybe-raise-missing-api-key-error): Fix misspelling of GUIX_DIGITAL_OCEAN_TOKEN. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Matthew James Kraai