rpms/libexif/FC-5 libexif-cve-2007-4168.patch, 1.1, 1.2 libexif.spec, 1.18, 1.19

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Jun 13 20:25:06 UTC 2007 

Author: mclasen

Update of /cvs/dist/rpms/libexif/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv2523

Modified Files:
	libexif-cve-2007-4168.patch libexif.spec 
Log Message:
Fix another issues


libexif-cve-2007-4168.patch:
 exif-data.c |   26 +++++++++++++++++---------
 1 files changed, 17 insertions(+), 9 deletions(-)

Index: libexif-cve-2007-4168.patch
===================================================================
RCS file: /cvs/dist/rpms/libexif/FC-5/libexif-cve-2007-4168.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- libexif-cve-2007-4168.patch	13 Jun 2007 14:45:41 -0000	1.1
+++ libexif-cve-2007-4168.patch	13 Jun 2007 20:24:58 -0000	1.2
@@ -1,6 +1,15 @@
---- libexif-0.6.13/libexif/exif-data.c.cve-2007-4168	2005-08-22 16:32:02.000000000 -0400
-+++ libexif-0.6.13/libexif/exif-data.c	2007-06-12 12:14:35.000000000 -0400
-@@ -174,9 +174,15 @@ exif_data_load_data_entry (ExifData *dat
+--- libexif-0.5.12/libexif/exif-data.c.cve-2007-4168	2007-06-13 15:33:05.000000000 -0400
++++ libexif-0.5.12/libexif/exif-data.c	2007-06-13 15:36:47.000000000 -0400
+@@ -83,7 +83,7 @@ exif_data_new_from_data (const unsigned 
+ 	return (edata);
+ }
+ 
+-static void
++static int
+ exif_data_load_data_entry (ExifData *data, ExifEntry *entry,
+ 			   const unsigned char *d,
+ 			   unsigned int size, unsigned int offset)
+@@ -98,9 +98,15 @@ exif_data_load_data_entry (ExifData *dat
  	 * Size? If bigger than 4 bytes, the actual data is not
  	 * in the entry but somewhere else (offset).
  	 */
@@ -11,11 +20,42 @@
 +         *   -> { 0x000000000 .. 0x7fffffff8 } */
 +        s = exif_format_get_size(entry->format) * entry->components;
 +        if (s < entry->components) {
-+                return;
++                return 0;
 +        }
 +        if (0 == s)
-+                return;
++                return 0;
 +
  	if (s > 4)
  		doff = exif_get_long (d + offset + 8, data->priv->order);
  	else
+@@ -110,13 +116,15 @@ exif_data_load_data_entry (ExifData *dat
+ 	if ((doff + s < doff) || (doff + s < s))
+ 		return 0;
+ 	if (size < doff + s)
+-		return;
++		return 0;
+ 
+ 	entry->data = malloc (sizeof (char) * s);
+ 	if (!entry->data)
+-		return;
++		return 0;
+ 	entry->size = s;
+ 	memcpy (entry->data, d + doff, s);
++
++	return 1;
+ }
+ 
+ static void
+@@ -244,9 +252,9 @@ exif_data_load_data_content (ExifData *d
+ 			break;
+ 		default:
+ 			entry = exif_entry_new ();
+-			exif_content_add_entry (ifd, entry);
+-			exif_data_load_data_entry (data, entry, d, ds,
+-						   offset + 12 * i);
++			if (exif_data_load_data_entry (data, entry, d, ds,
++						       offset + 12 * i))
++				exif_content_add_entry (ifd, entry);
+ 			exif_entry_unref (entry);
+ 			break;
+ 		}


Index: libexif.spec
===================================================================
RCS file: /cvs/dist/rpms/libexif/FC-5/libexif.spec,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- libexif.spec	13 Jun 2007 14:45:41 -0000	1.18
+++ libexif.spec	13 Jun 2007 20:24:58 -0000	1.19
@@ -1,7 +1,7 @@
 Summary: Library for extracting extra information from image files
 Name: libexif
 Version: 0.6.12
-Release: 4
+Release: 5
 Group: System Environment/Libraries
 License: LGPL
 URL: http://libexif.sourceforge.net/
@@ -65,7 +65,7 @@
 %{_libdir}/pkgconfig/libexif.pc
 
 %changelog
-* Wed Jun 13 2007 Matthias Clasen <mclasen at redhat.com> - 0.6.12-4
+* Wed Jun 13 2007 Matthias Clasen <mclasen at redhat.com> - 0.6.12-5
 -- Add patch for CVE-2007-4168. Fix bug #243891
 
 * Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 0.6.12-3.2.1

More information about the fedora-cvs-commits mailing list