* [Buildroot] [PATCH 1/1] package/gd: fix CVE-2021-38115
@ 2021-08-14 20:43 Fabrice Fontaine
2021-08-15 14:55 ` Thomas Petazzoni
2021-09-04 20:43 ` Peter Korsgaard
0 siblings, 2 replies; 4+ messages in thread
From: Fabrice Fontaine @ 2021-08-14 20:43 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
through 2.3.2 allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted TGA file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...-of-bands-in-reading-tga-header-file.patch | 29 +++++++++++++++++++
package/gd/gd.mk | 3 ++
2 files changed, 32 insertions(+)
create mode 100644 package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
diff --git a/package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch b/package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
new file mode 100644
index 0000000000..a42bfb402e
--- /dev/null
+++ b/package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
@@ -0,0 +1,29 @@
+From 8b111b2b4a4842179be66db68d84dda91a246032 Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh <maryam.ebr@student.sharif.edu>
+Date: Mon, 19 Jul 2021 10:07:13 +0430
+Subject: [PATCH] fix read out-of-bands in reading tga header file
+
+[Retrieved from:
+https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/gd_tga.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/gd_tga.c b/src/gd_tga.c
+index cae9428da..286febb28 100644
+--- a/src/gd_tga.c
++++ b/src/gd_tga.c
+@@ -191,7 +191,11 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
+ return -1;
+ }
+
+- gdGetBuf(tga->ident, tga->identsize, ctx);
++
++ if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {
++ gd_error("fail to read header ident");
++ return -1;
++ }
+ }
+
+ return 1;
diff --git a/package/gd/gd.mk b/package/gd/gd.mk
index 2df81e6d37..90f966c294 100644
--- a/package/gd/gd.mk
+++ b/package/gd/gd.mk
@@ -15,6 +15,9 @@ GD_CPE_ID_PRODUCT = libgd
GD_CONF_OPTS = --without-x --disable-rpath --disable-werror
GD_DEPENDENCIES = host-pkgconf
+# 0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
+GD_IGNORE_CVES += CVE-2021-38115
+
# gd forgets to link utilities with -pthread even though it uses
# pthreads, causing linking errors with static linking
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/gd: fix CVE-2021-38115
2021-08-14 20:43 [Buildroot] [PATCH 1/1] package/gd: fix CVE-2021-38115 Fabrice Fontaine
@ 2021-08-15 14:55 ` Thomas Petazzoni
2021-09-04 20:43 ` Peter Korsgaard
1 sibling, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2021-08-15 14:55 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
On Sat, 14 Aug 2021 22:43:54 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
> through 2.3.2 allows remote attackers to cause a denial of service
> (out-of-bounds read) via a crafted TGA file.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> ...-of-bands-in-reading-tga-header-file.patch | 29 +++++++++++++++++++
> package/gd/gd.mk | 3 ++
> 2 files changed, 32 insertions(+)
> create mode 100644 package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/gd: fix CVE-2021-38115
2021-08-14 20:43 [Buildroot] [PATCH 1/1] package/gd: fix CVE-2021-38115 Fabrice Fontaine
2021-08-15 14:55 ` Thomas Petazzoni
@ 2021-09-04 20:43 ` Peter Korsgaard
1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2021-09-04 20:43 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
> through 2.3.2 allows remote attackers to cause a denial of service
> (out-of-bounds read) via a crafted TGA file.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2021.02.x and 2021.05.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@lists.buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/1] package/gd: fix CVE-2021-38115
@ 2021-08-14 20:43 Fabrice Fontaine
0 siblings, 0 replies; 4+ messages in thread
From: Fabrice Fontaine @ 2021-08-14 20:43 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
through 2.3.2 allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted TGA file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...-of-bands-in-reading-tga-header-file.patch | 29 +++++++++++++++++++
package/gd/gd.mk | 3 ++
2 files changed, 32 insertions(+)
create mode 100644 package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
diff --git a/package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch b/package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
new file mode 100644
index 0000000000..a42bfb402e
--- /dev/null
+++ b/package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
@@ -0,0 +1,29 @@
+From 8b111b2b4a4842179be66db68d84dda91a246032 Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh <maryam.ebr@student.sharif.edu>
+Date: Mon, 19 Jul 2021 10:07:13 +0430
+Subject: [PATCH] fix read out-of-bands in reading tga header file
+
+[Retrieved from:
+https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/gd_tga.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/gd_tga.c b/src/gd_tga.c
+index cae9428da..286febb28 100644
+--- a/src/gd_tga.c
++++ b/src/gd_tga.c
+@@ -191,7 +191,11 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
+ return -1;
+ }
+
+- gdGetBuf(tga->ident, tga->identsize, ctx);
++
++ if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {
++ gd_error("fail to read header ident");
++ return -1;
++ }
+ }
+
+ return 1;
diff --git a/package/gd/gd.mk b/package/gd/gd.mk
index 2df81e6d37..90f966c294 100644
--- a/package/gd/gd.mk
+++ b/package/gd/gd.mk
@@ -15,6 +15,9 @@ GD_CPE_ID_PRODUCT = libgd
GD_CONF_OPTS = --without-x --disable-rpath --disable-werror
GD_DEPENDENCIES = host-pkgconf
+# 0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
+GD_IGNORE_CVES += CVE-2021-38115
+
# gd forgets to link utilities with -pthread even though it uses
# pthreads, causing linking errors with static linking
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-09-04 20:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-14 20:43 [Buildroot] [PATCH 1/1] package/gd: fix CVE-2021-38115 Fabrice Fontaine
2021-08-15 14:55 ` Thomas Petazzoni
2021-09-04 20:43 ` Peter Korsgaard
-- strict thread matches above, loose matches on Subject: below --
2021-08-14 20:43 Fabrice Fontaine
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.