main/file: backport a few CVE fixes

- CVE-2019-8905 - CVE-2019-8906 - CVE-2019-8907
author: Leo <thinkabit.ukim@gmail.com> 2019-07-16 15:50:16 -0300
committer: Natanael Copa <ncopa@alpinelinux.org> 2019-07-17 07:08:38 +0200
commit: e417e312a2460b385bd5003089c29af549f19b14 (patch)
tree: 9e8bd590ed2edce8028da5183c3c20886b81f9fb /main
parent: d53ed0c4c1d95491577c154f337313ee72703ef8 (diff)
download: aports-e417e312a2460b385bd5003089c29af549f19b14.tar.bz2
aports-e417e312a2460b385bd5003089c29af549f19b14.tar.xz
3 files changed, 130 insertions, 3 deletions
diff --git a/main/file/APKBUILD b/main/file/APKBUILD
index 58477ab711..ad6680b832 100644
--- a/main/file/APKBUILD
+++ b/main/file/APKBUILD
@@ -2,15 +2,24 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=file
 pkgver=5.32
-pkgrel=0
+pkgrel=1
 pkgdesc="File type identification utility"
 url="http://www.darwinsys.com/file/"
 arch="all"
 license="BSD"
 subpackages="$pkgname-dev $pkgname-doc libmagic"
-source="ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz"
+source="ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz
+	CVE-2019-8906.patch
+	CVE-2019-8905-and-CVE-2019-8907.patch
+	"
 builddir="$srcdir/$pkgname-$pkgver"
 
+# secfixes:
+#   5.32-r1:
+#     - CVE-2019-8905
+#     - CVE-2019-8906
+#     - CVE-2019-8907
+
 build() {
 	cd "$builddir"
 	./configure \
@@ -37,4 +46,6 @@ libmagic() {
 	mv "$pkgdir"/usr/lib "$pkgdir"/usr/share "$subpkgdir"/usr
 }
 
-sha512sums="315343229fa196335389544ee8010e9e80995ef4721938492dedcfb0465dfc45e1feb96f26dfe53cab484fb5d9bac54d2d72917fbfd28a1d998c6ad8c8f9792f  file-5.32.tar.gz"
+sha512sums="315343229fa196335389544ee8010e9e80995ef4721938492dedcfb0465dfc45e1feb96f26dfe53cab484fb5d9bac54d2d72917fbfd28a1d998c6ad8c8f9792f  file-5.32.tar.gz
+f54a16dbca2b5a490405e323924fb2657cc67f73648ad5203b41c13da1dc98e5ca64fc6c94415386538d3c2124f487fc3bf86082ce1571a24d05f5a5e213da08  CVE-2019-8906.patch
+5b8058fd39d9f9d91c7d8377708068dc0161abdbbb7fdb3d1bd9358b297133e425252758b45cccec937a7c51226d4f6dd67f5a13ff935a4353a44f140f011a7e  CVE-2019-8905-and-CVE-2019-8907.patch"
diff --git a/main/file/CVE-2019-8905-and-CVE-2019-8907.patch b/main/file/CVE-2019-8905-and-CVE-2019-8907.patch
new file mode 100644
index 0000000000..d81c54636f
--- /dev/null
+++ b/main/file/CVE-2019-8905-and-CVE-2019-8907.patch
@@ -0,0 +1,102 @@
+diff --git a/src/file.h b/src/file.h
+index eb9c054..6d9d204 100644
+--- a/src/file.h
++++ b/src/file.h
+@@ -491,7 +491,7 @@ protected int file_looks_utf8(const unsigned char *, size_t, unichar *,
+     size_t *);
+ protected size_t file_pstring_length_size(const struct magic *);
+ protected size_t file_pstring_get_length(const struct magic *, const char *);
+-protected char * file_printable(char *, size_t, const char *);
++protected char * file_printable(char *, size_t, const char *, size_t);
+ #ifdef __EMX__
+ protected int file_os2_apptype(struct magic_set *, const char *, const void *,
+     size_t);
+diff --git a/src/funcs.c b/src/funcs.c
+index d7a18f4..eb44261 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -581,12 +581,13 @@ file_pop_buffer(struct magic_set *ms, file_pushbuf_t *pb)
+  * convert string to ascii printable format.
+  */
+ protected char *
+-file_printable(char *buf, size_t bufsiz, const char *str)
++file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
+ {
+-	char *ptr, *eptr;
++	char *ptr, *eptr = buf + bufsiz - 1;
+ 	const unsigned char *s = (const unsigned char *)str;
++	const unsigned char *es = s + slen;
+ 
+-	for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
++	for (ptr = buf;  ptr < eptr && s < es && *s; s++) {
+ 		if (isprint(*s)) {
+ 			*ptr++ = *s;
+ 			continue;
+diff --git a/src/readelf.c b/src/readelf.c
+index 5f425c9..ee466fc 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -725,7 +725,7 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+ 			if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ 			    "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
+ 			    file_printable(sbuf, sizeof(sbuf),
+-			    CAST(char *, pi.cpi_name)),
++				CAST(char *, pi.cpi_name), sizeof(pi.cpi_name)),
+ 			    elf_getu32(swap, pi.cpi_pid),
+ 			    elf_getu32(swap, pi.cpi_euid),
+ 			    elf_getu32(swap, pi.cpi_egid),
+@@ -1563,7 +1563,8 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ 		return -1;
+ 	if (interp[0])
+ 		if (file_printf(ms, ", interpreter %s",
+-		    file_printable(ibuf, sizeof(ibuf), interp)) == -1)
++			file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp))) 
++				== -1)
+ 			return -1;
+ 	return 0;
+ }
+diff --git a/src/softmagic.c b/src/softmagic.c
+index b9e9753..fa82d58 100644
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -544,8 +544,8 @@ mprint(struct magic_set *ms, struct magic *m)
+   	case FILE_LESTRING16:
+ 		if (m->reln == '=' || m->reln == '!') {
+ 			if (file_printf(ms, F(ms, m, "%s"), 
+-			    file_printable(sbuf, sizeof(sbuf), m->value.s))
+-			    == -1)
++				file_printable(sbuf, sizeof(sbuf), m->value.s,
++			    sizeof(m->value.s))) == -1)
+ 				return -1;
+ 			t = ms->offset + m->vallen;
+ 		}
+@@ -572,7 +572,8 @@ mprint(struct magic_set *ms, struct magic *m)
+ 			}
+ 
+ 			if (file_printf(ms, F(ms, m, "%s"),
+-			    file_printable(sbuf, sizeof(sbuf), str)) == -1)
++				file_printable(sbuf, sizeof(sbuf), str,
++				sizeof(p->s) - (str - p->s))) == -1)
+ 				return -1;
+ 
+ 			if (m->type == FILE_PSTRING)
+@@ -678,7 +679,7 @@ mprint(struct magic_set *ms, struct magic *m)
+ 			return -1;
+ 		}
+ 		rval = file_printf(ms, F(ms, m, "%s"),
+-		    file_printable(sbuf, sizeof(sbuf), cp));
++		    file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len));
+ 		free(cp);
+ 
+ 		if (rval == -1)
+@@ -705,7 +706,8 @@ mprint(struct magic_set *ms, struct magic *m)
+ 		break;
+ 	case FILE_DER:
+ 		if (file_printf(ms, F(ms, m, "%s"), 
+-		    file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1)
++			file_printable(sbuf, sizeof(sbuf), ms->ms_value.s,
++			sizeof(ms->ms_value.s))) == -1)
+ 			return -1;
+ 		t = ms->offset;
+ 		break;
+
diff --git a/main/file/CVE-2019-8906.patch b/main/file/CVE-2019-8906.patch
new file mode 100644
index 0000000000..05ff2c73fd
--- /dev/null
+++ b/main/file/CVE-2019-8906.patch
@@ -0,0 +1,14 @@
+diff --git a/src/readelf.c b/src/readelf.c
+index 5f425c9..50883fe 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -720,7 +720,7 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+ 			char sbuf[512];
+ 			struct NetBSD_elfcore_procinfo pi;
+ 			memset(&pi, 0, sizeof(pi));
+-			memcpy(&pi, nbuf + doff, descsz);
++			memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
+ 
+ 			if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ 			    "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
+
author	Leo <thinkabit.ukim@gmail.com>	2019-07-16 15:50:16 -0300
committer	Natanael Copa <ncopa@alpinelinux.org>	2019-07-17 07:08:38 +0200
commit	e417e312a2460b385bd5003089c29af549f19b14 (patch)
tree	9e8bd590ed2edce8028da5183c3c20886b81f9fb /main
parent	d53ed0c4c1d95491577c154f337313ee72703ef8 (diff)
download	aports-e417e312a2460b385bd5003089c29af549f19b14.tar.bz2 aports-e417e312a2460b385bd5003089c29af549f19b14.tar.xz