review.tizen.org Git - platform/upstream/libexif.git/commit

author	Dan Fandrich <dan@coneharvesters.com>
	Sat, 16 May 2020 15:32:28 +0000 (17:32 +0200)
committer	Jeongmo Yang <jm80.yang@samsung.com>
	Mon, 8 Jun 2020 02:47:40 +0000 (11:47 +0900)
commit	5819a64fcec0610e4ab984887e141c1a619d8687
tree	85f32df85fbaff2f3b5aa8e71ec6f1a4c7b0af92	tree \| snapshot
parent	cc7979ec2644ee461a7592311533839c39d24e4a	commit \| diff

Fix MakerNote tag size overflow issues at read time.

Check for a size overflow while reading tags, which ensures that the
size is always consistent for the given components and type of the
entry, making checking further down superfluous.

This provides an alternate fix for
https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 and for all
the MakerNote types. Likely, this makes both commits 41bd0423 and
89e5b1c1 redundant as it ensures that MakerNote entries are well-formed
when they're populated.

Some improvements on top by Marcus Meissner <marcus@jet.franken.de>

CVE-2020-13112

Change-Id: I334efda3fbf2b0bae831f74e8fa866303d0ec93b
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>

libexif/canon/exif-mnote-data-canon.c		diff \| blob \| history
libexif/fuji/exif-mnote-data-fuji.c		diff \| blob \| history
libexif/olympus/exif-mnote-data-olympus.c		diff \| blob \| history
libexif/pentax/exif-mnote-data-pentax.c		diff \| blob \| history