mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
python3-pillow: Fix CVE-2024-28219
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. References: https://nvd.nist.gov/vuln/detail/CVE-2024-28219 https://security-tracker.debian.org/tracker/CVE-2024-28219 Upstream patch: https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
committed by
Gyorgy Sarvari
parent
b0d98aae8c
commit
7c7ab8ad4e
@@ -0,0 +1,43 @@
|
|||||||
|
From 2a93aba5cfcf6e241ab4f9392c13e3b74032c061 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Murray <radarhere@users.noreply.github.com>
|
||||||
|
Date: Thu, 22 Feb 2024 18:56:26 +1100
|
||||||
|
Subject: [PATCH] Use strncpy to avoid buffer overflow
|
||||||
|
|
||||||
|
CVE: CVE-2024-28219
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061]
|
||||||
|
|
||||||
|
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
|
||||||
|
---
|
||||||
|
src/_imagingcms.c | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/_imagingcms.c b/src/_imagingcms.c
|
||||||
|
index 9b5a121d7..b839f09f0 100644
|
||||||
|
--- a/src/_imagingcms.c
|
||||||
|
+++ b/src/_imagingcms.c
|
||||||
|
@@ -201,8 +201,8 @@ cms_transform_new(cmsHTRANSFORM transform, char *mode_in, char *mode_out) {
|
||||||
|
|
||||||
|
self->transform = transform;
|
||||||
|
|
||||||
|
- strcpy(self->mode_in, mode_in);
|
||||||
|
- strcpy(self->mode_out, mode_out);
|
||||||
|
+ strncpy(self->mode_in, mode_in, 8);
|
||||||
|
+ strncpy(self->mode_out, mode_out, 8);
|
||||||
|
|
||||||
|
return (PyObject *)self;
|
||||||
|
}
|
||||||
|
@@ -244,8 +244,8 @@ findLCMStype(char *PILmode) {
|
||||||
|
}
|
||||||
|
|
||||||
|
else {
|
||||||
|
- /* take a wild guess... but you probably should fail instead. */
|
||||||
|
- return TYPE_GRAY_8; /* so there's no buffer overrun... */
|
||||||
|
+ /* take a wild guess... */
|
||||||
|
+ return TYPE_GRAY_8;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.40.0
|
||||||
|
|
||||||
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https
|
|||||||
file://CVE-2023-50447-2.patch \
|
file://CVE-2023-50447-2.patch \
|
||||||
file://CVE-2023-50447-3.patch \
|
file://CVE-2023-50447-3.patch \
|
||||||
file://CVE-2023-50447-4.patch \
|
file://CVE-2023-50447-4.patch \
|
||||||
|
file://CVE-2024-28219.patch \
|
||||||
"
|
"
|
||||||
SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
|
SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user