* [Buildroot] [PATCH 0/3] package/giflib security fixes
@ 2023-12-05 23:59 Adam Duskett
2023-12-05 23:59 ` [Buildroot] [PATCH 1/3] package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch Adam Duskett
` (2 more replies)
0 siblings, 3 replies; 14+ messages in thread
From: Adam Duskett @ 2023-12-05 23:59 UTC (permalink / raw)
To: buildroot; +Cc: Bernd Kuhls, Adam Duskett
Here are three patches that fix several vulnerabilities in the giflib project.
Sadly it seems like the giflib project has been abandoned, as these
vulnerabilities are ignored on sourceforge.
Adam Duskett (3):
package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch
package/giflib/0003-Fix-CVE-2023-39742.patch: New security patch
package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch:
New security patch
package/giflib/0002-Fix-CVE-2022-28506.patch | 34 +++++++++++
package/giflib/0003-Fix-CVE-2023-39742.patch | 36 +++++++++++
...veral-defects-found-by-Coverity-scan.patch | 61 +++++++++++++++++++
3 files changed, 131 insertions(+)
create mode 100644 package/giflib/0002-Fix-CVE-2022-28506.patch
create mode 100644 package/giflib/0003-Fix-CVE-2023-39742.patch
create mode 100644 package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch
--
2.43.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 14+ messages in thread* [Buildroot] [PATCH 1/3] package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch 2023-12-05 23:59 [Buildroot] [PATCH 0/3] package/giflib security fixes Adam Duskett @ 2023-12-05 23:59 ` Adam Duskett 2023-12-18 16:45 ` Yann E. MORIN 2024-01-07 9:29 ` Peter Korsgaard 2023-12-05 23:59 ` [Buildroot] [PATCH 2/3] package/giflib/0003-Fix-CVE-2023-39742.patch: " Adam Duskett 2023-12-05 23:59 ` [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: " Adam Duskett 2 siblings, 2 replies; 14+ messages in thread From: Adam Duskett @ 2023-12-05 23:59 UTC (permalink / raw) To: buildroot; +Cc: Bernd Kuhls, Adam Duskett Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> --- package/giflib/0002-Fix-CVE-2022-28506.patch | 34 ++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 package/giflib/0002-Fix-CVE-2022-28506.patch diff --git a/package/giflib/0002-Fix-CVE-2022-28506.patch b/package/giflib/0002-Fix-CVE-2022-28506.patch new file mode 100644 index 0000000000..35d5f60a95 --- /dev/null +++ b/package/giflib/0002-Fix-CVE-2022-28506.patch @@ -0,0 +1,34 @@ +From c0cca041fc4fb6748d8dff3675fe7a839253d668 Mon Sep 17 00:00:00 2001 +From: Sandro Mani <manisandro@gmail.com> +Date: Tue, 5 Dec 2023 16:24:32 -0700 +Subject: [PATCH] Fix CVE-2022-28506 + +From: giflib-5.2.1-17.fc39.src.rpm +Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-28506 +Upstream: https://sourceforge.net/p/giflib/bugs/159/ + +Signed-off-by: Sandro Mani <manisandro@gmail.com> +Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> +--- + gif2rgb.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gif2rgb.c b/gif2rgb.c +index 8d7c0ff..d9a469f 100644 +--- a/gif2rgb.c ++++ b/gif2rgb.c +@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag, + GifRow = ScreenBuffer[i]; + GifQprintf("\b\b\b\b%-4d", ScreenHeight - i); + for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) { ++ /* Check if color is within color palete */ ++ if (GifRow[j] >= ColorMap->ColorCount) ++ { ++ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT)); ++ } + ColorMapEntry = &ColorMap->Colors[GifRow[j]]; + *BufferP++ = ColorMapEntry->Red; + *BufferP++ = ColorMapEntry->Green; +-- +2.43.0 + -- 2.43.0 _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [Buildroot] [PATCH 1/3] package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch 2023-12-05 23:59 ` [Buildroot] [PATCH 1/3] package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch Adam Duskett @ 2023-12-18 16:45 ` Yann E. MORIN 2024-01-07 9:29 ` Peter Korsgaard 1 sibling, 0 replies; 14+ messages in thread From: Yann E. MORIN @ 2023-12-18 16:45 UTC (permalink / raw) To: Adam Duskett; +Cc: Bernd Kuhls, buildroot Adam, All, On 2023-12-05 16:59 -0700, Adam Duskett spake thusly: > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> > --- > package/giflib/0002-Fix-CVE-2022-28506.patch | 34 ++++++++++++++++++++ > 1 file changed, 34 insertions(+) > create mode 100644 package/giflib/0002-Fix-CVE-2022-28506.patch > > diff --git a/package/giflib/0002-Fix-CVE-2022-28506.patch b/package/giflib/0002-Fix-CVE-2022-28506.patch > new file mode 100644 > index 0000000000..35d5f60a95 > --- /dev/null > +++ b/package/giflib/0002-Fix-CVE-2022-28506.patch > @@ -0,0 +1,34 @@ > +From c0cca041fc4fb6748d8dff3675fe7a839253d668 Mon Sep 17 00:00:00 2001 > +From: Sandro Mani <manisandro@gmail.com> > +Date: Tue, 5 Dec 2023 16:24:32 -0700 > +Subject: [PATCH] Fix CVE-2022-28506 You forgot tadd GIFLIB_IGNORE_CVES = CVE-2022-28506 Applied to master with the above fixed, thanks. Regards, Yann E. MORIN. > +From: giflib-5.2.1-17.fc39.src.rpm > +Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-28506 > +Upstream: https://sourceforge.net/p/giflib/bugs/159/ > + > +Signed-off-by: Sandro Mani <manisandro@gmail.com> > +Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> > +--- > + gif2rgb.c | 5 +++++ > + 1 file changed, 5 insertions(+) > + > +diff --git a/gif2rgb.c b/gif2rgb.c > +index 8d7c0ff..d9a469f 100644 > +--- a/gif2rgb.c > ++++ b/gif2rgb.c > +@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag, > + GifRow = ScreenBuffer[i]; > + GifQprintf("\b\b\b\b%-4d", ScreenHeight - i); > + for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) { > ++ /* Check if color is within color palete */ > ++ if (GifRow[j] >= ColorMap->ColorCount) > ++ { > ++ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT)); > ++ } > + ColorMapEntry = &ColorMap->Colors[GifRow[j]]; > + *BufferP++ = ColorMapEntry->Red; > + *BufferP++ = ColorMapEntry->Green; > +-- > +2.43.0 > + > -- > 2.43.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Buildroot] [PATCH 1/3] package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch 2023-12-05 23:59 ` [Buildroot] [PATCH 1/3] package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch Adam Duskett 2023-12-18 16:45 ` Yann E. MORIN @ 2024-01-07 9:29 ` Peter Korsgaard 1 sibling, 0 replies; 14+ messages in thread From: Peter Korsgaard @ 2024-01-07 9:29 UTC (permalink / raw) To: Adam Duskett; +Cc: Bernd Kuhls, buildroot >>>>> "Adam" == Adam Duskett <adam.duskett@amarulasolutions.com> writes: > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> Committed to 2023.02.x and 2023.11.x, thanks. -- Bye, Peter Korsgaard _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 14+ messages in thread
* [Buildroot] [PATCH 2/3] package/giflib/0003-Fix-CVE-2023-39742.patch: New security patch 2023-12-05 23:59 [Buildroot] [PATCH 0/3] package/giflib security fixes Adam Duskett 2023-12-05 23:59 ` [Buildroot] [PATCH 1/3] package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch Adam Duskett @ 2023-12-05 23:59 ` Adam Duskett 2023-12-18 16:45 ` Yann E. MORIN 2024-01-07 9:29 ` Peter Korsgaard 2023-12-05 23:59 ` [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: " Adam Duskett 2 siblings, 2 replies; 14+ messages in thread From: Adam Duskett @ 2023-12-05 23:59 UTC (permalink / raw) To: buildroot; +Cc: Bernd Kuhls, Adam Duskett Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> --- package/giflib/0003-Fix-CVE-2023-39742.patch | 36 ++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 package/giflib/0003-Fix-CVE-2023-39742.patch diff --git a/package/giflib/0003-Fix-CVE-2023-39742.patch b/package/giflib/0003-Fix-CVE-2023-39742.patch new file mode 100644 index 0000000000..2ba01ac8a4 --- /dev/null +++ b/package/giflib/0003-Fix-CVE-2023-39742.patch @@ -0,0 +1,36 @@ +From 4288b993ee9df6550a367fe06ede3c003dc7bbc6 Mon Sep 17 00:00:00 2001 +From: Sandro Mani <manisandro@gmail.com> +Date: Tue, 5 Dec 2023 16:35:40 -0700 +Subject: [PATCH] Fix CVE-2023-39742 + +From: giflib-5.2.1-17.fc39.src.rpm +Fix segmentation faults due to non correct checking for args +Fixes: https://nvd.nist.gov/vuln/detail/CVE-2023-39742 +Upstream: https://sourceforge.net/p/giflib/bugs/166/ + +Signed-off-by: Sandro Mani <manisandro@gmail.com> +Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> +--- + getarg.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/getarg.c b/getarg.c +index d569f6c..51fbe0b 100644 +--- a/getarg.c ++++ b/getarg.c +@@ -307,6 +307,12 @@ GAGetParmeters(void *Parameters[], + int i = 0, ScanRes; + + while (!(ISSPACE(CtrlStrCopy[i]))) { ++ ++ if ((*argv) == argv_end) { ++ GAErrorToken = Option; ++ return CMD_ERR_NumRead; ++ } ++ + switch (CtrlStrCopy[i + 1]) { + case 'd': /* Get signed integers. */ + ScanRes = sscanf(*((*argv)++), "%d", +-- +2.43.0 + -- 2.43.0 _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [Buildroot] [PATCH 2/3] package/giflib/0003-Fix-CVE-2023-39742.patch: New security patch 2023-12-05 23:59 ` [Buildroot] [PATCH 2/3] package/giflib/0003-Fix-CVE-2023-39742.patch: " Adam Duskett @ 2023-12-18 16:45 ` Yann E. MORIN 2024-01-07 9:29 ` Peter Korsgaard 1 sibling, 0 replies; 14+ messages in thread From: Yann E. MORIN @ 2023-12-18 16:45 UTC (permalink / raw) To: Adam Duskett; +Cc: Bernd Kuhls, buildroot Adam, All, On 2023-12-05 16:59 -0700, Adam Duskett spake thusly: > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> > --- > package/giflib/0003-Fix-CVE-2023-39742.patch | 36 ++++++++++++++++++++ > 1 file changed, 36 insertions(+) > create mode 100644 package/giflib/0003-Fix-CVE-2023-39742.patch > > diff --git a/package/giflib/0003-Fix-CVE-2023-39742.patch b/package/giflib/0003-Fix-CVE-2023-39742.patch > new file mode 100644 > index 0000000000..2ba01ac8a4 > --- /dev/null > +++ b/package/giflib/0003-Fix-CVE-2023-39742.patch > @@ -0,0 +1,36 @@ > +From 4288b993ee9df6550a367fe06ede3c003dc7bbc6 Mon Sep 17 00:00:00 2001 > +From: Sandro Mani <manisandro@gmail.com> > +Date: Tue, 5 Dec 2023 16:35:40 -0700 > +Subject: [PATCH] Fix CVE-2023-39742 You forgot to add GIFLIB_IGNORE_CVES += CVE-2023-39742 Applied to master with the above fixed, thanks. Regards, Yann E. MORIN. > +From: giflib-5.2.1-17.fc39.src.rpm > +Fix segmentation faults due to non correct checking for args > +Fixes: https://nvd.nist.gov/vuln/detail/CVE-2023-39742 > +Upstream: https://sourceforge.net/p/giflib/bugs/166/ > + > +Signed-off-by: Sandro Mani <manisandro@gmail.com> > +Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> > +--- > + getarg.c | 6 ++++++ > + 1 file changed, 6 insertions(+) > + > +diff --git a/getarg.c b/getarg.c > +index d569f6c..51fbe0b 100644 > +--- a/getarg.c > ++++ b/getarg.c > +@@ -307,6 +307,12 @@ GAGetParmeters(void *Parameters[], > + int i = 0, ScanRes; > + > + while (!(ISSPACE(CtrlStrCopy[i]))) { > ++ > ++ if ((*argv) == argv_end) { > ++ GAErrorToken = Option; > ++ return CMD_ERR_NumRead; > ++ } > ++ > + switch (CtrlStrCopy[i + 1]) { > + case 'd': /* Get signed integers. */ > + ScanRes = sscanf(*((*argv)++), "%d", > +-- > +2.43.0 > + > -- > 2.43.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Buildroot] [PATCH 2/3] package/giflib/0003-Fix-CVE-2023-39742.patch: New security patch 2023-12-05 23:59 ` [Buildroot] [PATCH 2/3] package/giflib/0003-Fix-CVE-2023-39742.patch: " Adam Duskett 2023-12-18 16:45 ` Yann E. MORIN @ 2024-01-07 9:29 ` Peter Korsgaard 1 sibling, 0 replies; 14+ messages in thread From: Peter Korsgaard @ 2024-01-07 9:29 UTC (permalink / raw) To: Adam Duskett; +Cc: Bernd Kuhls, buildroot >>>>> "Adam" == Adam Duskett <adam.duskett@amarulasolutions.com> writes: > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> Committed to 2023.02.x and 2023.11.x, thanks. -- Bye, Peter Korsgaard _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 14+ messages in thread
* [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: New security patch 2023-12-05 23:59 [Buildroot] [PATCH 0/3] package/giflib security fixes Adam Duskett 2023-12-05 23:59 ` [Buildroot] [PATCH 1/3] package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch Adam Duskett 2023-12-05 23:59 ` [Buildroot] [PATCH 2/3] package/giflib/0003-Fix-CVE-2023-39742.patch: " Adam Duskett @ 2023-12-05 23:59 ` Adam Duskett 2023-12-18 16:46 ` Yann E. MORIN 2024-01-07 9:29 ` Peter Korsgaard 2 siblings, 2 replies; 14+ messages in thread From: Adam Duskett @ 2023-12-05 23:59 UTC (permalink / raw) To: buildroot; +Cc: Bernd Kuhls, Adam Duskett Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> --- ...veral-defects-found-by-Coverity-scan.patch | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch diff --git a/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch new file mode 100644 index 0000000000..1719769872 --- /dev/null +++ b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch @@ -0,0 +1,61 @@ +From a1c48b91cd1cf1e9bf7077709b69f4bfd4c4abc7 Mon Sep 17 00:00:00 2001 +From: Sandro Mani <manisandro@gmail.com> +Date: Tue, 5 Dec 2023 16:38:48 -0700 +Subject: [PATCH] Fix several defects found by Coverity scan + +From: giflib-5.2.1-17.fc39.src.rpm +Upstream: Not submitted + +Signed-off-by: Sandro Mani <manisandro@gmail.com> +Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> +--- + gif2rgb.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/gif2rgb.c b/gif2rgb.c +index d9a469f..02cea41 100644 +--- a/gif2rgb.c ++++ b/gif2rgb.c +@@ -170,6 +170,8 @@ static void SaveGif(GifByteType *OutputBuffer, + /* Open stdout for the output file: */ + if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) { + PrintGifError(Error); ++ free(OutputBuffer); ++ GifFreeMapObject(OutputColorMap); + exit(EXIT_FAILURE); + } + +@@ -179,6 +181,8 @@ static void SaveGif(GifByteType *OutputBuffer, + EGifPutImageDesc(GifFile, + 0, 0, Width, Height, false, NULL) == GIF_ERROR) { + PrintGifError(Error); ++ free(OutputBuffer); ++ GifFreeMapObject(OutputColorMap); + exit(EXIT_FAILURE); + } + +@@ -187,8 +191,11 @@ static void SaveGif(GifByteType *OutputBuffer, + GifFile->Image.Width, GifFile->Image.Height); + + for (i = 0; i < Height; i++) { +- if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) ++ if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) { ++ free(OutputBuffer); ++ GifFreeMapObject(OutputColorMap); + exit(EXIT_FAILURE); ++ } + GifQprintf("\b\b\b\b%-4d", Height - i - 1); + + Ptr += Width; +@@ -196,6 +203,8 @@ static void SaveGif(GifByteType *OutputBuffer, + + if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) { + PrintGifError(Error); ++ free(OutputBuffer); ++ GifFreeMapObject(OutputColorMap); + exit(EXIT_FAILURE); + } + } +-- +2.43.0 + -- 2.43.0 _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: New security patch 2023-12-05 23:59 ` [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: " Adam Duskett @ 2023-12-18 16:46 ` Yann E. MORIN 2024-01-07 9:29 ` Peter Korsgaard 1 sibling, 0 replies; 14+ messages in thread From: Yann E. MORIN @ 2023-12-18 16:46 UTC (permalink / raw) To: Adam Duskett; +Cc: Bernd Kuhls, buildroot Adam, All, On 2023-12-05 16:59 -0700, Adam Duskett spake thusly: > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> Applied to master, thanks. Regards, Yann E. MORIN. > --- > ...veral-defects-found-by-Coverity-scan.patch | 61 +++++++++++++++++++ > 1 file changed, 61 insertions(+) > create mode 100644 package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > > diff --git a/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > new file mode 100644 > index 0000000000..1719769872 > --- /dev/null > +++ b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > @@ -0,0 +1,61 @@ > +From a1c48b91cd1cf1e9bf7077709b69f4bfd4c4abc7 Mon Sep 17 00:00:00 2001 > +From: Sandro Mani <manisandro@gmail.com> > +Date: Tue, 5 Dec 2023 16:38:48 -0700 > +Subject: [PATCH] Fix several defects found by Coverity scan > + > +From: giflib-5.2.1-17.fc39.src.rpm > +Upstream: Not submitted > + > +Signed-off-by: Sandro Mani <manisandro@gmail.com> > +Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> > +--- > + gif2rgb.c | 11 ++++++++++- > + 1 file changed, 10 insertions(+), 1 deletion(-) > + > +diff --git a/gif2rgb.c b/gif2rgb.c > +index d9a469f..02cea41 100644 > +--- a/gif2rgb.c > ++++ b/gif2rgb.c > +@@ -170,6 +170,8 @@ static void SaveGif(GifByteType *OutputBuffer, > + /* Open stdout for the output file: */ > + if ((GifFile = EGifOpenFileHandle(1, &Error)) == NULL) { > + PrintGifError(Error); > ++ free(OutputBuffer); > ++ GifFreeMapObject(OutputColorMap); > + exit(EXIT_FAILURE); > + } > + > +@@ -179,6 +181,8 @@ static void SaveGif(GifByteType *OutputBuffer, > + EGifPutImageDesc(GifFile, > + 0, 0, Width, Height, false, NULL) == GIF_ERROR) { > + PrintGifError(Error); > ++ free(OutputBuffer); > ++ GifFreeMapObject(OutputColorMap); > + exit(EXIT_FAILURE); > + } > + > +@@ -187,8 +191,11 @@ static void SaveGif(GifByteType *OutputBuffer, > + GifFile->Image.Width, GifFile->Image.Height); > + > + for (i = 0; i < Height; i++) { > +- if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) > ++ if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR) { > ++ free(OutputBuffer); > ++ GifFreeMapObject(OutputColorMap); > + exit(EXIT_FAILURE); > ++ } > + GifQprintf("\b\b\b\b%-4d", Height - i - 1); > + > + Ptr += Width; > +@@ -196,6 +203,8 @@ static void SaveGif(GifByteType *OutputBuffer, > + > + if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) { > + PrintGifError(Error); > ++ free(OutputBuffer); > ++ GifFreeMapObject(OutputColorMap); > + exit(EXIT_FAILURE); > + } > + } > +-- > +2.43.0 > + > -- > 2.43.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: New security patch 2023-12-05 23:59 ` [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: " Adam Duskett 2023-12-18 16:46 ` Yann E. MORIN @ 2024-01-07 9:29 ` Peter Korsgaard 2024-01-07 12:10 ` Yann E. MORIN 1 sibling, 1 reply; 14+ messages in thread From: Peter Korsgaard @ 2024-01-07 9:29 UTC (permalink / raw) To: Adam Duskett; +Cc: Bernd Kuhls, buildroot >>>>> "Adam" == Adam Duskett <adam.duskett@amarulasolutions.com> writes: > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> > --- > ...veral-defects-found-by-Coverity-scan.patch | 61 +++++++++++++++++++ > 1 file changed, 61 insertions(+) > create mode 100644 package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > diff --git a/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > new file mode 100644 > index 0000000000..1719769872 > --- /dev/null > +++ b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > @@ -0,0 +1,61 @@ > +From a1c48b91cd1cf1e9bf7077709b69f4bfd4c4abc7 Mon Sep 17 00:00:00 2001 > +From: Sandro Mani <manisandro@gmail.com> > +Date: Tue, 5 Dec 2023 16:38:48 -0700 > +Subject: [PATCH] Fix several defects found by Coverity scan > + > +From: giflib-5.2.1-17.fc39.src.rpm > +Upstream: Not submitted No upstream and no CVE? Where does this fix then come from? -- Bye, Peter Korsgaard _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: New security patch 2024-01-07 9:29 ` Peter Korsgaard @ 2024-01-07 12:10 ` Yann E. MORIN 2024-01-07 16:17 ` Peter Korsgaard 2024-01-07 20:03 ` Peter Seiderer via buildroot 0 siblings, 2 replies; 14+ messages in thread From: Yann E. MORIN @ 2024-01-07 12:10 UTC (permalink / raw) To: Peter Korsgaard; +Cc: Adam Duskett, Bernd Kuhls, buildroot Peter, All, On 2024-01-07 10:29 +0100, Peter Korsgaard spake thusly: > >>>>> "Adam" == Adam Duskett <adam.duskett@amarulasolutions.com> writes: > > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> > > --- > > ...veral-defects-found-by-Coverity-scan.patch | 61 +++++++++++++++++++ > > 1 file changed, 61 insertions(+) > > create mode 100644 package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > > > diff --git a/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > > new file mode 100644 > > index 0000000000..1719769872 > > --- /dev/null > > +++ b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > > @@ -0,0 +1,61 @@ > > +From a1c48b91cd1cf1e9bf7077709b69f4bfd4c4abc7 Mon Sep 17 00:00:00 2001 > > +From: Sandro Mani <manisandro@gmail.com> > > +Date: Tue, 5 Dec 2023 16:38:48 -0700 > > +Subject: [PATCH] Fix several defects found by Coverity scan > > + > > +From: giflib-5.2.1-17.fc39.src.rpm > > +Upstream: Not submitted > > No upstream and no CVE? Where does this fix then come from? I was a bit sloppy when applying that one, indeed. As the commit log mention, it's taken from the Fedora 39 source package, and I believed it was enough reference. Looking at that source package, it matches the patch named giflib_coverity.patch and the Fedora dist-git for that patch date back to 2020-02-17: https://src.fedoraproject.org/rpms/giflib/c/df94d26a07ac8772b3380f4e5b4145daa7bf65e1?branch=rawhide As far as I could find, it has not been submitted upstream, and upstream looks like it has been pretty mothballed for a while now; last commit was on 2019-08-17: https://sourceforge.net/p/giflib/mailman/giflib-devel/ https://sourceforge.net/p/giflib/code/ci/master/tree/ I could not find any associated CVE: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe%3A2.3%3Aa%3Agiflib_project%3Agiflib%3A5.2.1%3A*%3A*%3A*%3A*%3A*%3A*%3A* Looking at the code, I doubt it is a security issue, in fact. It's probably just a memory leak, as the free() is replaced by this function: 79 void 80 GifFreeMapObject(ColorMapObject *Object) 81 { 82 if (Object != NULL) { 83 (void)free(Object->Colors); 84 (void)free(Object); 85 } 86 } So, Object->Colors leaked, but I don't think it was a "security" issue. Regards, Yann E. MORIN. -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: New security patch 2024-01-07 12:10 ` Yann E. MORIN @ 2024-01-07 16:17 ` Peter Korsgaard 2024-01-07 20:03 ` Peter Seiderer via buildroot 1 sibling, 0 replies; 14+ messages in thread From: Peter Korsgaard @ 2024-01-07 16:17 UTC (permalink / raw) To: Yann E. MORIN; +Cc: Adam Duskett, Bernd Kuhls, buildroot >>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes: > Peter, All, > On 2024-01-07 10:29 +0100, Peter Korsgaard spake thusly: >> >>>>> "Adam" == Adam Duskett <adam.duskett@amarulasolutions.com> writes: >> > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> >> > --- >> > ...veral-defects-found-by-Coverity-scan.patch | 61 +++++++++++++++++++ >> > 1 file changed, 61 insertions(+) >> > create mode 100644 package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch >> >> > diff --git >> > a/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch >> > b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch >> > new file mode 100644 >> > index 0000000000..1719769872 >> > --- /dev/null >> > +++ b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch >> > @@ -0,0 +1,61 @@ >> > +From a1c48b91cd1cf1e9bf7077709b69f4bfd4c4abc7 Mon Sep 17 00:00:00 2001 >> > +From: Sandro Mani <manisandro@gmail.com> >> > +Date: Tue, 5 Dec 2023 16:38:48 -0700 >> > +Subject: [PATCH] Fix several defects found by Coverity scan >> > + >> > +From: giflib-5.2.1-17.fc39.src.rpm >> > +Upstream: Not submitted >> >> No upstream and no CVE? Where does this fix then come from? > I was a bit sloppy when applying that one, indeed. As the commit log > mention, it's taken from the Fedora 39 source package, and I believed it > was enough reference. > Looking at that source package, it matches the patch named giflib_coverity.patch > and the Fedora dist-git for that patch date back to 2020-02-17: > https://src.fedoraproject.org/rpms/giflib/c/df94d26a07ac8772b3380f4e5b4145daa7bf65e1?branch=rawhide > As far as I could find, it has not been submitted upstream, and upstream > looks like it has been pretty mothballed for a while now; last commit > was on 2019-08-17: > https://sourceforge.net/p/giflib/mailman/giflib-devel/ > https://sourceforge.net/p/giflib/code/ci/master/tree/ > I could not find any associated CVE: > https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe%3A2.3%3Aa%3Agiflib_project%3Agiflib%3A5.2.1%3A*%3A*%3A*%3A*%3A*%3A*%3A* > Looking at the code, I doubt it is a security issue, in fact. It's > probably just a memory leak, as the free() is replaced by this function: > 79 void > 80 GifFreeMapObject(ColorMapObject *Object) > 81 { > 82 if (Object != NULL) { > 83 (void)free(Object->Colors); > 84 (void)free(Object); > 85 } > 86 } > So, Object->Colors leaked, but I don't think it was a "security" issue. Ok, thanks for the details. I'll add it anyway to the backports for consistency. -- Bye, Peter Korsgaard _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: New security patch 2024-01-07 12:10 ` Yann E. MORIN 2024-01-07 16:17 ` Peter Korsgaard @ 2024-01-07 20:03 ` Peter Seiderer via buildroot 2024-01-07 21:13 ` Yann E. MORIN 1 sibling, 1 reply; 14+ messages in thread From: Peter Seiderer via buildroot @ 2024-01-07 20:03 UTC (permalink / raw) To: Yann E. MORIN; +Cc: Bernd Kuhls, Adam Duskett, buildroot On Sun, 7 Jan 2024 13:10:30 +0100, "Yann E. MORIN" <yann.morin.1998@free.fr> wrote: > Peter, All, > > On 2024-01-07 10:29 +0100, Peter Korsgaard spake thusly: > > >>>>> "Adam" == Adam Duskett <adam.duskett@amarulasolutions.com> writes: > > > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> > > > --- > > > ...veral-defects-found-by-Coverity-scan.patch | 61 +++++++++++++++++++ > > > 1 file changed, 61 insertions(+) > > > create mode 100644 package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > > > > > diff --git a/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > > > new file mode 100644 > > > index 0000000000..1719769872 > > > --- /dev/null > > > +++ b/package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch > > > @@ -0,0 +1,61 @@ > > > +From a1c48b91cd1cf1e9bf7077709b69f4bfd4c4abc7 Mon Sep 17 00:00:00 2001 > > > +From: Sandro Mani <manisandro@gmail.com> > > > +Date: Tue, 5 Dec 2023 16:38:48 -0700 > > > +Subject: [PATCH] Fix several defects found by Coverity scan > > > + > > > +From: giflib-5.2.1-17.fc39.src.rpm > > > +Upstream: Not submitted > > > > No upstream and no CVE? Where does this fix then come from? > > I was a bit sloppy when applying that one, indeed. As the commit log > mention, it's taken from the Fedora 39 source package, and I believed it > was enough reference. > > Looking at that source package, it matches the patch named giflib_coverity.patch > and the Fedora dist-git for that patch date back to 2020-02-17: > https://src.fedoraproject.org/rpms/giflib/c/df94d26a07ac8772b3380f4e5b4145daa7bf65e1?branch=rawhide > > As far as I could find, it has not been submitted upstream, and upstream > looks like it has been pretty mothballed for a while now; last commit > was on 2019-08-17: > https://sourceforge.net/p/giflib/mailman/giflib-devel/ > https://sourceforge.net/p/giflib/code/ci/master/tree/ > > I could not find any associated CVE: > > https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe%3A2.3%3Aa%3Agiflib_project%3Agiflib%3A5.2.1%3A*%3A*%3A*%3A*%3A*%3A*%3A* > > Looking at the code, I doubt it is a security issue, in fact. It's > probably just a memory leak, as the free() is replaced by this function: > > 79 void > 80 GifFreeMapObject(ColorMapObject *Object) > 81 { > 82 if (Object != NULL) { > 83 (void)free(Object->Colors); > 84 (void)free(Object); > 85 } > 86 } > > So, Object->Colors leaked, but I don't think it was a "security" issue. Matter of judgment if a (very theoretically) denial-of-service/out-of-memory is counted as 'security' issue ;-) Regards, Peter > > Regards, > Yann E. MORIN. > _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: New security patch 2024-01-07 20:03 ` Peter Seiderer via buildroot @ 2024-01-07 21:13 ` Yann E. MORIN 0 siblings, 0 replies; 14+ messages in thread From: Yann E. MORIN @ 2024-01-07 21:13 UTC (permalink / raw) To: Peter Seiderer; +Cc: Bernd Kuhls, Adam Duskett, buildroot Peter, All, On 2024-01-07 21:03 +0100, Peter Seiderer spake thusly: > On Sun, 7 Jan 2024 13:10:30 +0100, "Yann E. MORIN" <yann.morin.1998@free.fr> wrote: [--SNIP--] > > Looking at the code, I doubt it is a security issue, in fact. It's > > probably just a memory leak, as the free() is replaced by this function: [--SNIP--] > > So, Object->Colors leaked, but I don't think it was a "security" issue. > Matter of judgment if a (very theoretically) denial-of-service/out-of-memory is counted > as 'security' issue ;-) Sure, but the affected code is in the gif2rgb program, not in the library, so the effects of the memory leak are limited to the time the program runs. gif2rgb only handles a single intput file, so it is short-lived, and the leaked memory is reclaimed once the program is reaped. Also note that the program does an exit() right after freeing that memory; it does not ensure that any other allocated memory is freed before exiting, so there might anyway be more memory that leaks. So yes, it's better do free memory with the semantically corresponding funtion (GifMapObject() -> GifFreeMapObject()), but it would have real difficulties getting classified as a security issue *in this specific case*. The only way this leaked memory could cause an issue, is if the program is not reaped. But then, if someone is able to attack the system by leaving zombies around, whether those zombies leaked memory or not is of no concern. So I think, but of course, security is so difficult that I may easily be wrong. Regards, Yann E. MORIN. -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2024-01-07 21:13 UTC | newest] Thread overview: 14+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-12-05 23:59 [Buildroot] [PATCH 0/3] package/giflib security fixes Adam Duskett 2023-12-05 23:59 ` [Buildroot] [PATCH 1/3] package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch Adam Duskett 2023-12-18 16:45 ` Yann E. MORIN 2024-01-07 9:29 ` Peter Korsgaard 2023-12-05 23:59 ` [Buildroot] [PATCH 2/3] package/giflib/0003-Fix-CVE-2023-39742.patch: " Adam Duskett 2023-12-18 16:45 ` Yann E. MORIN 2024-01-07 9:29 ` Peter Korsgaard 2023-12-05 23:59 ` [Buildroot] [PATCH 3/3] package/giflib/0004-Fix-several-defects-found-by-Coverity-scan.patch: " Adam Duskett 2023-12-18 16:46 ` Yann E. MORIN 2024-01-07 9:29 ` Peter Korsgaard 2024-01-07 12:10 ` Yann E. MORIN 2024-01-07 16:17 ` Peter Korsgaard 2024-01-07 20:03 ` Peter Seiderer via buildroot 2024-01-07 21:13 ` Yann E. MORIN
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox