Fix CVE-2017-7544
03/163703/1 accepted/tizen_4.0_unified tizen_4.0 tizen_4.0_tv accepted/tizen/4.0/unified/20171214.050328 submit/tizen_4.0/20171213.031033 tizen_4.0.IoT.p2_release
author Jeongmo Yang <jm80.yang@samsung.com>
Tue, 10 Oct 2017 05:50:54 +0000 (14:50 +0900)
committer Jeongmo Yang <jm80.yang@samsung.com>
Wed, 13 Dec 2017 03:06:36 +0000 (12:06 +0900)
Tue Jul 25 21:38:56 2017 UTC (2 months, 2 weeks ago) by marcusmeissner
Branch: MAIN
CVS Tags: HEAD
Changes since 1.131: +6 -0 lines
Diff to previous 1.131
On saving makernotes, make sure the makernote container tag has a type
with 1 byte components.

Fixes (at least):
https://sourceforge.net/p/libexif/bugs/130
https://sourceforge.net/p/libexif/bugs/129

[Version] 0.6.21-3
[Profile] Common
[Issue Type] CVE

Change-Id: I2649b5cadbac7c7cd285d537b918dda56e637f3a
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>
libexif/exif-data.c
packaging/libexif.spec

index cbc1f1d..7f23cef 100755 (executable)
@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e,
                        exif_mnote_data_set_offset (data->priv->md, *ds - 6);
                        exif_mnote_data_save (data->priv->md, &e->data, &e->size);
                        e->components = e->size;
+                       if (exif_format_get_size (e->format) != 1) {
+                               /* e->format is taken from input code,
+                                * but we need to make sure it is a 1 byte
+                                * entity due to the multiplication below. */
+                               e->format = EXIF_FORMAT_UNDEFINED;
+                       }
                }
        }
 
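Review bot: In the added block in exif_data_save_data_entry, e->format is silently rewritten to EXIF_FORMAT_UNDEFINED whenever exif_format_get_size (e->format) != 1, so a caller saving a malformed makernote entry gets no indication that the format it loaded was changed. Consider emitting a log message at that point so the coercion shows up in diagnostics. The comment also relies on "the multiplication below", which lies outside the hunk's context; naming the expression it protects (presumably the format size times e->components, with e->components just set to e->size) would keep the invariant clear to the next reader, and "taken from input code" probably means input data. No test accompanies the change: the commit touches only libexif/exif-data.c and packaging/libexif.spec, so a regression case that saves a makernote entry carrying a multi-byte format would be worth adding.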
index 3f9fb91..c6030ed 100644 (file)
@@ -1,6 +1,6 @@
 Name:           libexif
 Version:        0.6.21
-Release:        2
+Release:        3
 License:        LGPL-2.1
 Summary:        An EXIF Tag Parsing Library for Digital Cameras
 Url:            http://libexif.sourceforge.net
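Review bot: The Release bump from 2 to 3 is the only change to the spec, so nothing in the package metadata records that this release carries the CVE-2017-7544 fix. If the package maintains a changelog, add an entry naming the CVE and the upstream libexif bugs 129 and 130 so the fix can be traced from the built package.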