Resolves: rhbz#1458800 CVE-2017-9432 Stack-buffer overflow in the StarWriterStruct::DatabaseName::read

8 years ago · f3d2341450
parent a97b516c22
commit f3d2341450
2 changed files with 34 additions and 1 deletions
--- a/0001-ofz-1029-use-correct-loop-index.patch
+++ b/0001-ofz-1029-use-correct-loop-index.patch
@ -0,0 +1,27 @@
+From 2d6253c7a692a3d92785dd990fce7256ea05e794 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Fri, 7 Apr 2017 19:28:55 +0200
+Subject: [PATCH] ofz#1029 use correct loop index
+
+To be honest, I think this would be clearer as two separate reads to two
+separate vars...
+---
+ src/lib/StarWriterStruct.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/StarWriterStruct.cxx b/src/lib/StarWriterStruct.cxx
+index 5893302..d1ad366 100644
+--- a/src/lib/StarWriterStruct.cxx
+++ b/src/lib/StarWriterStruct.cxx
+@@ -327,7 +327,7 @@ bool DatabaseName::read(StarZone &zone)
+         }
+         data.m_name=libstoff::getString(text);
+         int positions[2];
+-        for (int j=0; j<2; ++j) positions[i]=int(input->readULong(4));
+        for (int j=0; j<2; ++j) positions[j]=int(input->readULong(4));
+         data.m_selection=STOFFVec2i(positions[0],positions[1]);
+         m_dataList.push_back(data);
+       }
+-- 
+2.13.0
+
--- a/libstaroffice.spec
+++ b/libstaroffice.spec
@ -2,13 +2,15 @@

 Name: libstaroffice
 Version: 0.0.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: A library for import of binary StarOffice documents

 License: MPLv2.0 or LGPLv2+
 URL: https://github.com/fosnola/libstaroffice/wiki
 Source: https://github.com/fosnola/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz

+Patch0: 0001-ofz-1029-use-correct-loop-index.patch
+
 BuildRequires: doxygen
 BuildRequires: help2man
 BuildRequires: pkgconfig(librevenge-0.0)
@ -97,6 +99,10 @@ install -m 0644 sd2*.1 sd?2*.1 %{buildroot}/%{_mandir}/man1
 %{_mandir}/man1/sdc2csv.1*

 %changelog
+* Tue Jun 06 2017 David Tardon <dtardon@redhat.com> - 0.0.3-3
+- Resolves: rhbz#1458800 CVE-2017-9432 Stack-buffer overflow in the
+  StarWriterStruct::DatabaseName::read
+
 * Mon May 15 2017 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.0.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild