projects / platform / upstream / libexif.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a5a1f5e) | patch
Fix MakerNote tag size overflow issues at read time.
authorDan Fandrich <dan@coneharvesters.com>
Sat, 16 May 2020 15:32:28 +0000 (17:32 +0200)
committerMarcus Meissner <meissner@suse.de>
Sat, 16 May 2020 15:34:01 +0000 (17:34 +0200)
commit435e21f05001fb03f9f186fa7cbc69454afd00d1
treed357c306a3d719786b78a7abb163c67cdca01f30tree | snapshot
parenta5a1f5efff79d8dbb109029ebe07193ceac6ba0bcommit | diff
Fix MakerNote tag size overflow issues at read time.

Check for a size overflow while reading tags, which ensures that the
size is always consistent for the given components and type of the
entry, making checking further down superfluous.

This provides an alternate fix for
https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 and for all
the MakerNote types. Likely, this makes both commits 41bd0423 and
89e5b1c1 redundant as it ensures that MakerNote entries are well-formed
when they're populated.

Some improvements on top by Marcus Meissner <marcus@jet.franken.de>

CVE-2020-13112
libexif/canon/exif-mnote-data-canon.c diff | blob | history
libexif/fuji/exif-mnote-data-fuji.c diff | blob | history
libexif/olympus/exif-mnote-data-olympus.c diff | blob | history
libexif/pentax/exif-mnote-data-pentax.c diff | blob | history
Domain: Multimedia / Media Camera;