From fde5d0e30e45fa5e09db1fc95da538de0669e9c3 Mon Sep 17 00:00:00 2001 From: Nathan Owens Date: Tue, 22 Oct 2019 16:57:34 -0500 Subject: [PATCH] sysutils/file: * Update to 5.37 * Create patch from upstream - Fixes CVE-2019-18218 --- sysutils/file/Makefile | 2 +- sysutils/file/distinfo | 6 +-- sysutils/file/files/patch-src_cdf.c | 71 +++++++++++++++++++++++++++++ sysutils/file/files/patch-src_cdf.h | 10 ++++ 4 files changed, 85 insertions(+), 4 deletions(-) create mode 100644 sysutils/file/files/patch-src_cdf.c create mode 100644 sysutils/file/files/patch-src_cdf.h diff --git a/sysutils/file/Makefile b/sysutils/file/Makefile index dcb1aa7c7..cecd20453 100644 --- sysutils/file/Makefile +++ sysutils/file/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= file -PORTVERSION= 5.36 +PORTVERSION= 5.37 CATEGORIES= sysutils MASTER_SITES= ftp://ftp.astron.com/pub/file/ \ ftp://ftp.fu-berlin.de/unix/tools/file/ diff --git a/sysutils/file/distinfo b/sysutils/file/distinfo index cf960275a..88fcb8a6c 100644 --- sysutils/file/distinfo +++ sysutils/file/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1550771584 -SHA256 (file-5.36.tar.gz) = fb608290c0fd2405a8f63e5717abf6d03e22e183fb21884413d1edd918184379 -SIZE (file-5.36.tar.gz) = 875792 +TIMESTAMP = 1571780726 +SHA256 (file-5.37.tar.gz) = e9c13967f7dd339a3c241b7710ba093560b9a33013491318e88e6b8b57bae07f +SIZE (file-5.37.tar.gz) = 887682 diff --git a/sysutils/file/files/patch-src_cdf.c b/sysutils/file/files/patch-src_cdf.c new file mode 100644 index 000000000..482b8b10d --- /dev/null +++ sysutils/file/files/patch-src_cdf.c @@ -0,0 +1,71 @@ +--- src/cdf.c.orig 2019-10-22 21:52:28 UTC ++++ src/cdf.c +@@ -35,7 +35,7 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: cdf.c,v 1.114 2019/02/20 02:35:27 christos Exp $") ++FILE_RCSID("@(#)$File: cdf.c,v 1.116 2019/08/26 14:31:39 christos Exp $") + #endif + + #include +@@ -53,6 +53,10 @@ FILE_RCSID("@(#)$File: cdf.c,v 1.114 2019/02/20 02:35: + #define EFTYPE EINVAL + #endif + ++#ifndef SIZE_T_MAX ++#define SIZE_T_MAX CAST(size_t, ~0ULL) ++#endif ++ + #include "cdf.h" + + #ifdef CDF_DEBUG +@@ -405,7 +409,12 @@ cdf_read_sector(const cdf_info_t *info, void *buf, siz + const cdf_header_t *h, cdf_secid_t id) + { + size_t ss = CDF_SEC_SIZE(h); +- size_t pos = CDF_SEC_POS(h, id); ++ size_t pos; ++ ++ if (SIZE_T_MAX / ss < CAST(size_t, id)) ++ return -1; ++ ++ pos = CDF_SEC_POS(h, id); + assert(ss == len); + return cdf_read(info, CAST(off_t, pos), RCAST(char *, buf) + offs, len); + } +@@ -415,7 +424,12 @@ cdf_read_short_sector(const cdf_stream_t *sst, void *b + size_t len, const cdf_header_t *h, cdf_secid_t id) + { + size_t ss = CDF_SHORT_SEC_SIZE(h); +- size_t pos = CDF_SHORT_SEC_POS(h, id); ++ size_t pos; ++ ++ if (SIZE_T_MAX / ss < CAST(size_t, id)) ++ return -1; ++ ++ pos = CDF_SHORT_SEC_POS(h, id); + assert(ss == len); + if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) { + DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" +@@ -1013,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const + goto out; + } + nelements = CDF_GETUINT32(q, 1); +- if (nelements == 0) { +- DPRINTF(("CDF_VECTOR with nelements == 0\n")); ++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { ++ DPRINTF(("CDF_VECTOR with nelements == %" ++ SIZE_T_FORMAT "u\n", nelements)); + goto out; + } + slen = 2; +@@ -1056,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const + goto out; + inp += nelem; + } +- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", +- nelements)); + for (j = 0; j < nelements && i < sh.sh_properties; + j++, i++) + { diff --git a/sysutils/file/files/patch-src_cdf.h b/sysutils/file/files/patch-src_cdf.h new file mode 100644 index 000000000..ac332c139 --- /dev/null +++ sysutils/file/files/patch-src_cdf.h @@ -0,0 +1,10 @@ +--- src/cdf.h.orig 2019-10-22 21:52:35 UTC ++++ src/cdf.h +@@ -48,6 +48,7 @@ + typedef int32_t cdf_secid_t; + + #define CDF_LOOP_LIMIT 10000 ++#define CDF_ELEMENT_LIMIT 100000 + + #define CDF_SECID_NULL 0 + #define CDF_SECID_FREE -1 -- 2.23.0