From: "Armin Kuster" <akuster808@gmail.com>
To: akash hadke <akash.hadke@kpit.com>,
	openembedded-core@lists.openembedded.org, raj.khem@gmail.com
Cc: nisha.parrakat@kpit.com, harpritkaur.bhandari@kpit.com
Subject: Re: [OE-core] [meta-oe][dunfell][PATCH] opencv: Add fix for CVE-2019-5063 and CVE-2019-5064
Date: Tue, 25 May 2021 04:48:41 -0700
Message-ID: <6aaa2037-e3b2-8269-98b4-d64b525b41ff@gmail.com>
In-Reply-To: <1621929554-4038-1-git-send-email-akash.hadke@kpit.com>



On 5/25/21 12:59 AM, akash hadke wrote:
> From: "akash.hadke" <akash.hadke@kpit.com>
>
> Added fix for below CVE's
>
> CVE-2019-5063
> CVE-2019-5064
> Link: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch
>
> Signed-off-by: akash hadke <akash.hadke@kpit.com>

wrong ml. should be openembedded-devel@.

patch noted.

-armin
> ---
>  .../opencv/CVE-2019-5063_and_2019-5064.patch       | 78 ++++++++++++++++++++++
>  meta-oe/recipes-support/opencv/opencv_4.1.0.bb     |  1 +
>  2 files changed, 79 insertions(+)
>  create mode 100644 meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch
>
> diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch
> new file mode 100644
> index 0000000..b4d5e6d
> --- /dev/null
> +++ b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch
> @@ -0,0 +1,78 @@
> +From f42d5399aac80d371b17d689851406669c9b9111 Mon Sep 17 00:00:00 2001
> +From: Alexander Alekhin <alexander.alekhin@intel.com>
> +Date: Thu, 7 Nov 2019 14:01:51 +0300
> +Subject: [PATCH] core(persistence): add more checks for implementation
> + limitations
> +
> +Signed-off-by: akash hadke <akash.hadke@kpit.com>
> +---
> + modules/core/src/persistence_json.cpp | 8 ++++++++
> + modules/core/src/persistence_xml.cpp  | 6 ++++--
> + 2 files changed, 12 insertions(+), 2 deletions(-)
> +---
> +CVE: CVE-2019-5063
> +CVE: CVE-2019-5064
> +Upstream-Status: Backport [https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch]
> +---
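
Review bot: the CVE: and Upstream-Status: tags sit after the diffstat, below the first "---" of the embedded patch, while the backporter's Signed-off-by is above it. Text after the first "---" is not part of the commit message, so the tags are dropped if this patch is ever applied with git am and regenerated; move both CVE: lines and Upstream-Status: into the message body next to the Signed-off-by. The Upstream-Status link also points at the ".patch" rendering of the commit; the plain commit URL is the more usual reference.
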
> +diff --git a/modules/core/src/persistence_json.cpp b/modules/core/src/persistence_json.cpp
> +index 89914e6534f..2efdf17d3f5 100644
> +--- a/modules/core/src/persistence_json.cpp
> ++++ b/modules/core/src/persistence_json.cpp
> +@@ -578,10 +578,14 @@ class JSONParser : public FileStorageParser
> +                             sz = (int)(ptr - beg);
> +                             if( sz > 0 )
> +                             {
> ++                                if (i + sz >= CV_FS_MAX_LEN)
> ++                                    CV_PARSE_ERROR_CPP("string is too long");
> +                                 memcpy(buf + i, beg, sz);
> +                                 i += sz;
> +                             }
> +                             ptr++;
> ++                            if (i + 1 >= CV_FS_MAX_LEN)
> ++                                CV_PARSE_ERROR_CPP("string is too long");
> +                             switch ( *ptr )
> +                             {
> +                             case '\\':
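
Review bot: the guard added after ptr++ (i + 1 >= CV_FS_MAX_LEN) reserves room for exactly one more byte in buf, but only the first case label of the switch is visible here, so this hunk alone does not show that every escape branch appends a single byte. Check the full switch in the 4.1.0 source this patch is applied to; if any branch writes more than one byte, the reserve has to match it.
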
> +@@ -605,6 +609,8 @@ class JSONParser : public FileStorageParser
> +                             sz = (int)(ptr - beg);
> +                             if( sz > 0 )
> +                             {
> ++                                if (i + sz >= CV_FS_MAX_LEN)
> ++                                    CV_PARSE_ERROR_CPP("string is too long");
> +                                 memcpy(buf + i, beg, sz);
> +                                 i += sz;
> +                             }
> +@@ -620,6 +626,8 @@ class JSONParser : public FileStorageParser
> +                             sz = (int)(ptr - beg);
> +                             if( sz > 0 )
> +                             {
> ++                                if (i + sz >= CV_FS_MAX_LEN)
> ++                                    CV_PARSE_ERROR_CPP("string is too long");
> +                                 memcpy(buf + i, beg, sz);
> +                                 i += sz;
> +                             }
> +diff --git a/modules/core/src/persistence_xml.cpp b/modules/core/src/persistence_xml.cpp
> +index 89876dd3da8..52b53744254 100644
> +--- a/modules/core/src/persistence_xml.cpp
> ++++ b/modules/core/src/persistence_xml.cpp
> +@@ -627,6 +627,8 @@ class XMLParser : public FileStorageParser
> +                                         c = '\"';
> +                                     else
> +                                     {
> ++                                        if (len + 2 + i >= CV_FS_MAX_LEN)
> ++                                            CV_PARSE_ERROR_CPP("string is too long");
> +                                         memcpy( strbuf + i, ptr-1, len + 2 );
> +                                         i += len + 2;
> +                                     }
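
Review bot: in the new check len + 2 + i >= CV_FS_MAX_LEN the sum is evaluated before the comparison, and the types of len and i are not visible in this hunk; if they are signed int, a very large len overflows before the bound is tested. Comparing against the remaining space, len >= CV_FS_MAX_LEN - i - 2, keeps the arithmetic in range. The check also bounds only the destination strbuf; the memcpy reads len + 2 bytes starting at ptr-1, and nothing in the visible lines bounds that source range.
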
> +@@ -635,9 +637,9 @@ class XMLParser : public FileStorageParser
> +                                 CV_PERSISTENCE_CHECK_END_OF_BUFFER_BUG_CPP();
> +                             }
> +                         }
> ++                        if (i + 1 >= CV_FS_MAX_LEN)
> ++                            CV_PARSE_ERROR_CPP("Too long string literal");
> +                         strbuf[i++] = c;
> +-                        if( i >= CV_FS_MAX_LEN )
> +-                            CV_PARSE_ERROR_CPP( "Too long string literal" );
> +                     }
> +                     elem->setValue(FileNode::STRING, strbuf, i);
> +                 }
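
Review bot: the error text in this hunk stays "Too long string literal" while every other check the patch adds reports "string is too long"; two wordings for the same limit make the failure harder to match in logs and tests, so pick one. The reordering is the right direction: the removed lines tested i only after strbuf[i++] = c had already stored the byte, and the added lines test i + 1 before the store.
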
> diff --git a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
> index de708fd..19d5d0c 100644
> --- a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
> +++ b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
> @@ -54,6 +54,7 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \
>             file://CVE-2019-14493.patch \
>             file://CVE-2019-15939.patch \
>             file://CVE-2019-19624.patch \
> +           file://CVE-2019-5063_and_2019-5064.patch \
>             "
>  PV = "4.1.0"
>  
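
Review bot: the new SRC_URI entry breaks the one-CVE-per-file naming of the entries above it (CVE-2019-14493.patch, CVE-2019-15939.patch, CVE-2019-19624.patch), and the second id in CVE-2019-5063_and_2019-5064.patch is not a complete CVE identifier. Anyone matching CVE ids against patch file names sees only CVE-2019-5063, so CVE-2019-5064 is carried solely by the CVE: tags inside the patch. Consider naming the file after one id and keeping both CVE: lines, or state in the commit message that one upstream commit covers both.
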
>
> 
>

