rpms
/
podofo
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Backport proposed patch for CVE-2018-12983

Browse Source
epel9
Sandro Mani 5 years ago
parent bf2ff37a2f
commit 4e89ffcd0e
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File

8
podofo.spec
Unescape View File

@ -1,6 +1,6 @@
Name: podofo
Version: 0.9.6
Release: 10%{?dist}
Release: 11%{?dist}
Summary: Tools and libraries to work with the PDF file format
# The library is licensed under the LGPL.
@ -50,6 +50,9 @@ Patch19: podofo_CVE-2019-9687.patch
# Downstream patch for CVE-2019-20093
# https://sourceforge.net/p/podofo/tickets/75/
Patch20: podofo_CVE-2019-20093.patch
# Proposed patch for CVE-2018-12983
# https://sourceforge.net/p/podofo/tickets/23/
Patch21: podofo_CVE-2018-12983.diff
BuildRequires: gcc-c++
%if %{?el7:1}%{!?el7:0}
@ -161,6 +164,9 @@ find doc/html -exec touch -r %{SOURCE0} {} \;
%changelog
* Thu Jul 02 2020 Sandro Mani <manisandro@gmail.com> - 0.9.6-11
- Backport proposed patch for CVE-2018-12983
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

16
podofo_CVE-2018-12983.diff
Unescape View File

@ -0,0 +1,16 @@
diff -rupN --no-dereference podofo-0.9.6/src/base/PdfEncrypt.cpp podofo-0.9.6-new/src/base/PdfEncrypt.cpp
--- podofo-0.9.6/src/base/PdfEncrypt.cpp 2020-07-02 10:27:57.484446311 +0200
+++ podofo-0.9.6-new/src/base/PdfEncrypt.cpp 2020-07-02 10:27:57.694448247 +0200
@@ -607,6 +607,12 @@ PdfEncrypt* PdfEncrypt::CreatePdfEncrypt
&& PdfEncrypt::IsEncryptionEnabled( ePdfEncryptAlgorithm_RC4V2 ) )
{
// [Alexey] - lLength is pdf_int64. Please make changes in encryption algorithms
+ // [mabri] - Fix CVE-2018-12983: Check key length lLength here
+ // to prevent stack-based buffer over-read in line 867 of this file
+ if (lLength > MD5_DIGEST_LENGTH * 8) // lLength in bits, md5 in bytes
+ {
+ PODOFO_RAISE_ERROR_INFO( ePdfError_ValueOutOfRange, "Given key length too large for MD5." );
+ }
pdfEncrypt = new PdfEncryptRC4(oValue, uValue, pValue, rValue, ePdfEncryptAlgorithm_RC4V2, static_cast<int>(lLength), encryptMetadata);
}
else
Write Preview
Loading…
Cancel
Save