From: "Armin Kuster" <akuster808@gmail.com>
To: akash hadke <akash.hadke@kpit.com>,
openembedded-core@lists.openembedded.org, raj.khem@gmail.com
Cc: nisha.parrakat@kpit.com, harpritkaur.bhandari@kpit.com
Subject: Re: [OE-core] [meta-oe][dunfell][PATCH] opencv: Add fix for CVE-2019-5063 and CVE-2019-5064
Date: Tue, 25 May 2021 04:48:41 -0700
Message-ID: <6aaa2037-e3b2-8269-98b4-d64b525b41ff@gmail.com>
In-Reply-To: <1621929554-4038-1-git-send-email-akash.hadke@kpit.com>

On 5/25/21 12:59 AM, akash hadke wrote:
> From: "akash.hadke" <akash.hadke@kpit.com>
>
> Added fix for below CVEs
>
> CVE-2019-5063
> CVE-2019-5064
> Link: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch
>
> Signed-off-by: akash hadke <akash.hadke@kpit.com>

wrong ml. should be openembedded-devel@.

patch noted.

-armin

> ---
> .../opencv/CVE-2019-5063_and_2019-5064.patch | 78 ++++++++++++++++++++++
> meta-oe/recipes-support/opencv/opencv_4.1.0.bb | 1 +
> 2 files changed, 79 insertions(+)
> create mode 100644 meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch
>
> diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch
> new file mode 100644
> index 0000000..b4d5e6d
> --- /dev/null
> +++ b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch
> @@ -0,0 +1,78 @@
> +From f42d5399aac80d371b17d689851406669c9b9111 Mon Sep 17 00:00:00 2001
> +From: Alexander Alekhin <alexander.alekhin@intel.com>
> +Date: Thu, 7 Nov 2019 14:01:51 +0300
> +Subject: [PATCH] core(persistence): add more checks for implementation
> + limitations
> +
> +Signed-off-by: akash hadke <akash.hadke@kpit.com>
> +---
> + modules/core/src/persistence_json.cpp | 8 ++++++++
> + modules/core/src/persistence_xml.cpp | 6 ++++--
> + 2 files changed, 12 insertions(+), 2 deletions(-)
> +---
> +CVE: CVE-2019-5063
> +CVE: CVE-2019-5064
> +Upstream-Status: Backport [https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch]
> +---
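Review bot: The `CVE:` and `Upstream-Status:` tags sit below the first `---` separator, after the diffstat, so they are outside the commit message of the embedded patch; text between `---` and the diff is dropped when a patch is applied with `git am`. Move the two `CVE:` lines and the `Upstream-Status: Backport [...]` line above `Signed-off-by:` and drop the two extra `---` lines, so the tags stay with the patch however it is applied.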
> +diff --git a/modules/core/src/persistence_json.cpp b/modules/core/src/persistence_json.cpp
> +index 89914e6534f..2efdf17d3f5 100644
> +--- a/modules/core/src/persistence_json.cpp
> ++++ b/modules/core/src/persistence_json.cpp
> +@@ -578,10 +578,14 @@ class JSONParser : public FileStorageParser
> + sz = (int)(ptr - beg);
> + if( sz > 0 )
> + {
> ++ if (i + sz >= CV_FS_MAX_LEN)
> ++ CV_PARSE_ERROR_CPP("string is too long");
> + memcpy(buf + i, beg, sz);
> + i += sz;
> + }
> + ptr++;
> ++ if (i + 1 >= CV_FS_MAX_LEN)
> ++ CV_PARSE_ERROR_CPP("string is too long");
> + switch ( *ptr )
> + {
> + case '\\':
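Review bot: The second added check, `if (i + 1 >= CV_FS_MAX_LEN)` after `ptr++`, reserves room for one byte only, while the `switch ( *ptr )` it protects is cut off after the first `case` in this context. Confirm against the 4.1.0 source that no case stores more than one byte into `buf` per iteration; if one does, the guard has to reserve that many.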
> +@@ -605,6 +609,8 @@ class JSONParser : public FileStorageParser
> + sz = (int)(ptr - beg);
> + if( sz > 0 )
> + {
> ++ if (i + sz >= CV_FS_MAX_LEN)
> ++ CV_PARSE_ERROR_CPP("string is too long");
> + memcpy(buf + i, beg, sz);
> + i += sz;
> + }
> +@@ -620,6 +626,8 @@ class JSONParser : public FileStorageParser
> + sz = (int)(ptr - beg);
> + if( sz > 0 )
> + {
> ++ if (i + sz >= CV_FS_MAX_LEN)
> ++ CV_PARSE_ERROR_CPP("string is too long");
> + memcpy(buf + i, beg, sz);
> + i += sz;
> + }
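Review bot: `if (i + sz >= CV_FS_MAX_LEN)` now precedes three separate `memcpy(buf + i, beg, sz)` calls in this file (this hunk and the two above it), and the declaration of `buf` appears in none of the contexts. Check that `buf` in 4.1.0 really is sized CV_FS_MAX_LEN, since the guard is only as good as that assumption, and say in the commit message whether the upstream change applied to 4.1.0 unmodified.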
> +diff --git a/modules/core/src/persistence_xml.cpp b/modules/core/src/persistence_xml.cpp
> +index 89876dd3da8..52b53744254 100644
> +--- a/modules/core/src/persistence_xml.cpp
> ++++ b/modules/core/src/persistence_xml.cpp
> +@@ -627,6 +627,8 @@ class XMLParser : public FileStorageParser
> + c = '\"';
> + else
> + {
> ++ if (len + 2 + i >= CV_FS_MAX_LEN)
> ++ CV_PARSE_ERROR_CPP("string is too long");
> + memcpy( strbuf + i, ptr-1, len + 2 );
> + i += len + 2;
> + }
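Review bot: The message added before `memcpy( strbuf + i, ptr-1, len + 2 )` is "string is too long", while the same overflow condition in the next hunk of this parser reports "Too long string literal". One wording for one failure is easier to search for in logs; as this is a backport the upstream text should stay, but the inconsistency is worth raising upstream.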
> +@@ -635,9 +637,9 @@ class XMLParser : public FileStorageParser
> + CV_PERSISTENCE_CHECK_END_OF_BUFFER_BUG_CPP();
> + }
> + }
> ++ if (i + 1 >= CV_FS_MAX_LEN)
> ++ CV_PARSE_ERROR_CPP("Too long string literal");
> + strbuf[i++] = c;
> +- if( i >= CV_FS_MAX_LEN )
> +- CV_PARSE_ERROR_CPP( "Too long string literal" );
> + }
> + elem->setValue(FileNode::STRING, strbuf, i);
> + }
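Review bot: Nothing in the patch exercises the reordered check ahead of `strbuf[i++] = c;`: the diffstat lists only persistence_json.cpp and persistence_xml.cpp, so no test covers a string literal at or just over CV_FS_MAX_LEN. State in the commit message how the backport was verified on 4.1.0, for example by loading an XML and a JSON file whose string value reaches the limit and confirming a parse error is reported.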
> diff --git a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
> index de708fd..19d5d0c 100644
> --- a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
> +++ b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
> @@ -54,6 +54,7 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \
> file://CVE-2019-14493.patch \
> file://CVE-2019-15939.patch \
> file://CVE-2019-19624.patch \
> + file://CVE-2019-5063_and_2019-5064.patch \
> "
> PV = "4.1.0"
>
>
>
>
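Review bot: The new SRC_URI entry `file://CVE-2019-5063_and_2019-5064.patch` breaks the one-CVE-per-file naming of the entries above it (`CVE-2019-14493.patch`, `CVE-2019-15939.patch`, `CVE-2019-19624.patch`), and the second id lacks the `CVE-` prefix, so a file-name search for CVE-2019-5064 will not find it. Since one upstream commit fixes both, name the file after one full id (or the upstream commit) and rely on the two `CVE:` tags inside the patch to record both; the commit message could also say in one line what the two issues are.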