GNU bug report logs

#33933 [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431}.


Message #11 received at 33933@debbugs.gnu.org (full text, mbox, reply):

Received: (at 33933) by debbugs.gnu.org; 30 Dec 2018 23:19:07 +0000
From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 30 18:19:07 2018
Received: from localhost ([127.0.0.1]:42684 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1gdkMN-0002nH-Af
	for submit@debbugs.gnu.org; Sun, 30 Dec 2018 18:19:07 -0500
Received: from mail-pl1-f171.google.com ([209.85.214.171]:46420)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <alexvong1995@gmail.com>) id 1gdkMI-0002mb-IX
 for 33933@debbugs.gnu.org; Sun, 30 Dec 2018 18:19:03 -0500
Received: by mail-pl1-f171.google.com with SMTP id t13so12073375ply.13
 for <33933@debbugs.gnu.org>; Sun, 30 Dec 2018 15:19:02 -0800 (PST)
X-Received: by 2002:a17:902:7848:: with SMTP id
 e8mr36183891pln.100.1546211936473; 
 Sun, 30 Dec 2018 15:18:56 -0800 (PST)
Received: from debian (n058152176116.netvigator.com. [58.152.176.116])
 by smtp.gmail.com with ESMTPSA id 125sm85265210pfx.159.2018.12.30.15.18.55
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 30 Dec 2018 15:18:55 -0800 (PST)
From: Alex Vong <alexvong1995@gmail.com>
To: 33933@debbugs.gnu.org
Subject: [PATCH 2/4] gnu: libextractor: Fix CVE-2018-{20430,20431}.
Date: Mon, 31 Dec 2018 07:18:52 +0800
Message-ID: <87h8euhacj.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 0.2 (/)
X-Debbugs-Envelope-To: 33933
Cc: alexvong1995@gmail.com
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.8 (/)
[0002-gnu-libextractor-Fix-CVE-2018-20430-20431.patch (text/x-diff, inline)]
From a155ee678aefe73eb8e209e7a6d4ace8afabcf92 Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Mon, 31 Dec 2018 06:50:48 +0800
Subject: [PATCH 2/4] gnu: libextractor: Fix CVE-2018-{20430,20431}.

* gnu/packages/patches/libextractor-CVE-2018-20430.patch,
gnu/packages/patches/libextractor-CVE-2018-20431.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnunet.scm (libextractor)[source]: Use them.
---
 gnu/local.mk                                  |  2 +
 gnu/packages/gnunet.scm                       |  2 +
 .../patches/libextractor-CVE-2018-20430.patch | 60 +++++++++++++++++++
 .../patches/libextractor-CVE-2018-20431.patch | 53 ++++++++++++++++
 4 files changed, 117 insertions(+)
 create mode 100644 gnu/packages/patches/libextractor-CVE-2018-20430.patch
 create mode 100644 gnu/packages/patches/libextractor-CVE-2018-20431.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 0bb020335..75634b741 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -888,6 +888,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/libevent-2.1-skip-failing-test.patch	\
   %D%/packages/patches/libexif-CVE-2016-6328.patch		\
   %D%/packages/patches/libexif-CVE-2017-7544.patch		\
+  %D%/packages/patches/libextractor-CVE-2018-20430.patch	\
+  %D%/packages/patches/libextractor-CVE-2018-20431.patch	\
   %D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch	\
   %D%/packages/patches/libgit2-mtime-0.patch			\
   %D%/packages/patches/libgit2-oom-test.patch			\
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 4a6952076..d9e903734 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -73,6 +73,8 @@
             (method url-fetch)
             (uri (string-append "mirror://gnu/libextractor/libextractor-"
                                 version ".tar.gz"))
+            (patches (search-patches "libextractor-CVE-2018-20430.patch"
+                                     "libextractor-CVE-2018-20431.patch"))
             (sha256
              (base32
               "1z1cb35griqzvshqdv5ck98dy0sgpsswn7fgiy7lbzi34sma8dg2"))))
diff --git a/gnu/packages/patches/libextractor-CVE-2018-20430.patch b/gnu/packages/patches/libextractor-CVE-2018-20430.patch
new file mode 100644
index 000000000..570cd7c00
--- /dev/null
+++ b/gnu/packages/patches/libextractor-CVE-2018-20430.patch
@@ -0,0 +1,60 @@
+Fix CVE-2018-20430:
+
+https://gnunet.org/bugs/view.php?id=5493
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20430
+https://security-tracker.debian.org/tracker/CVE-2018-20430
+
+Patch copied from upstream source repository:
+
+https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110
+
+From b405d707b36e0654900cba78e89f49779efea110 Mon Sep 17 00:00:00 2001
+From: Christian Grothoff <christian@grothoff.org>
+Date: Thu, 20 Dec 2018 22:47:53 +0100
+Subject: [PATCH] fix #5493 (out of bounds read)
+
+---
+ src/common/convert.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/common/convert.c b/src/common/convert.c
+index c0edf21..2be2108 100644
+--- a/src/common/convert.c
++++ b/src/common/convert.c
+@@ -36,8 +36,8 @@
+  *  string is returned.
+  */
+ char *
+-EXTRACTOR_common_convert_to_utf8 (const char *input, 
+-				  size_t len, 
++EXTRACTOR_common_convert_to_utf8 (const char *input,
++				  size_t len,
+ 				  const char *charset)
+ {
+ #if HAVE_ICONV
+@@ -52,7 +52,7 @@ EXTRACTOR_common_convert_to_utf8 (const char *input,
+   i = input;
+   cd = iconv_open ("UTF-8", charset);
+   if (cd == (iconv_t) - 1)
+-    return strdup (i);
++    return strndup (i, len);
+   if (len > 1024 * 1024)
+     {
+       iconv_close (cd);
+@@ -67,11 +67,11 @@ EXTRACTOR_common_convert_to_utf8 (const char *input,
+     }
+   itmp = tmp;
+   finSize = tmpSize;
+-  if (iconv (cd, (char **) &input, &len, &itmp, &finSize) == SIZE_MAX)
++  if (iconv (cd, (char **) &input, &len, &itmp, &finSize) == ((size_t) -1))
+     {
+       iconv_close (cd);
+       free (tmp);
+-      return strdup (i);
++      return strndup (i, len);
+     }
+   ret = malloc (tmpSize - finSize + 1);
+   if (ret == NULL)
+-- 
+2.20.1
+
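Review bot: in the embedded src/common/convert.c change, the second `return strndup (i, len);` (the iconv failure path) reads `len` after it has been passed to iconv() as `&len`. iconv() decrements that count by the input bytes it consumed, while `i` still points at the start of the input, so this fallback stays in bounds but can return only a prefix of the original string whose length depends on where the conversion stopped. The first `strndup (i, len)` (after iconv_open fails) is not affected, since `len` is still untouched there. As this is a verbatim copy of the upstream commit it is reasonable to carry it unchanged in Guix, but it is worth raising upstream: keep the original length in a separate variable before the iconv() call and pass that to strndup() in the failure path.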
diff --git a/gnu/packages/patches/libextractor-CVE-2018-20431.patch b/gnu/packages/patches/libextractor-CVE-2018-20431.patch
new file mode 100644
index 000000000..855c5ba64
--- /dev/null
+++ b/gnu/packages/patches/libextractor-CVE-2018-20431.patch
@@ -0,0 +1,53 @@
+Fix CVE-2018-20431:
+
+https://gnunet.org/bugs/view.php?id=5494
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431
+https://security-tracker.debian.org/tracker/CVE-2018-20431
+
+Patch copied from upstream source repository:
+
+https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7
+
+To apply the patch to libextractor 1.8 release tarball,
+hunk #1 which patches ChangeLog is removed. 
+
+From 489c4a540bb2c4744471441425b8932b97a153e7 Mon Sep 17 00:00:00 2001
+From: Christian Grothoff <christian@grothoff.org>
+Date: Thu, 20 Dec 2018 23:02:28 +0100
+Subject: [PATCH] fix #5494
+
+---
+ ChangeLog                    | 3 ++-
+ src/plugins/ole2_extractor.c | 9 +++++++--
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/plugins/ole2_extractor.c b/src/plugins/ole2_extractor.c
+index 53fa1b9..a48b726 100644
+--- a/src/plugins/ole2_extractor.c
++++ b/src/plugins/ole2_extractor.c
+@@ -173,7 +173,7 @@ struct ProcContext
+   EXTRACTOR_MetaDataProcessor proc;
+ 
+   /**
+-   * Closure for 'proc'.
++   * Closure for @e proc.
+    */
+   void *proc_cls;
+ 
+@@ -213,7 +213,12 @@ process_metadata (gpointer key,
+ 
+   if (G_VALUE_TYPE(gval) == G_TYPE_STRING)
+     {
+-      contents = strdup (g_value_get_string (gval));
++      const char *gvals;
++
++      gvals = g_value_get_string (gval);
++      if (NULL == gvals)
++        return;
++      contents = strdup (gvals);
+     }
+   else
+     {
+-- 
+2.20.1
+
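Review bot: the header of the new libextractor-CVE-2018-20431.patch says hunk #1 (ChangeLog) was removed, but the embedded diffstat still lists `ChangeLog | 3 ++-` and "2 files changed, 9 insertions(+), 3 deletions(-)", which no longer matches the single ole2_extractor.c diff that follows. patch(1) ignores the diffstat, so this applies cleanly, but trimming the diffstat or saying in the header that it is stale would keep the file self-consistent for whoever audits it later. The header line "hunk #1 which patches ChangeLog is removed. " also ends in trailing whitespace. On the fix itself, the added `if (NULL == gvals) return;` guards the `strdup` call as intended; the doc-comment change from 'proc' to `@e proc` is unrelated to the CVE but harmless in a verbatim upstream copy.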
-- 
2.20.1

[signature.asc (application/pgp-signature, inline)]

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 10:12:49 2024; Machine Name: wallace-server
