mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

opencv: Add fix for CVE-2019-5063 and CVE-2019-5064

Browse Source 
Added fix for below CVE's

CVE-2019-5063
CVE-2019-5064
Link: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch

Signed-off-by: akash hadke <akash.hadke@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
akash.hadke
2021-05-25 13:29:14 +05:30
committed by Armin Kuster
parent f56fb13a2c
commit 943f5560aa
2 changed files with 79 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch
+78
View File
@@ -0,0 +1,78 @@
From f42d5399aac80d371b17d689851406669c9b9111 Mon Sep 17 00:00:00 2001
From: Alexander Alekhin <alexander.alekhin@intel.com>
Date: Thu, 7 Nov 2019 14:01:51 +0300
Subject: [PATCH] core(persistence): add more checks for implementation
limitations
Signed-off-by: akash hadke <akash.hadke@kpit.com>
---
modules/core/src/persistence_json.cpp | 8 ++++++++
modules/core/src/persistence_xml.cpp | 6 ++++--
2 files changed, 12 insertions(+), 2 deletions(-)
---
CVE: CVE-2019-5063
CVE: CVE-2019-5064
Upstream-Status: Backport [https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch]
---
diff --git a/modules/core/src/persistence_json.cpp b/modules/core/src/persistence_json.cpp
index 89914e6534f..2efdf17d3f5 100644
--- a/modules/core/src/persistence_json.cpp
+++ b/modules/core/src/persistence_json.cpp
@@ -578,10 +578,14 @@ class JSONParser : public FileStorageParser
sz = (int)(ptr - beg);
if( sz > 0 )
{
+ if (i + sz >= CV_FS_MAX_LEN)
+ CV_PARSE_ERROR_CPP("string is too long");
memcpy(buf + i, beg, sz);
i += sz;
}
ptr++;
+ if (i + 1 >= CV_FS_MAX_LEN)
+ CV_PARSE_ERROR_CPP("string is too long");
switch ( *ptr )
{
case '\\':
@@ -605,6 +609,8 @@ class JSONParser : public FileStorageParser
sz = (int)(ptr - beg);
if( sz > 0 )
{
+ if (i + sz >= CV_FS_MAX_LEN)
+ CV_PARSE_ERROR_CPP("string is too long");
memcpy(buf + i, beg, sz);
i += sz;
}
@@ -620,6 +626,8 @@ class JSONParser : public FileStorageParser
sz = (int)(ptr - beg);
if( sz > 0 )
{
+ if (i + sz >= CV_FS_MAX_LEN)
+ CV_PARSE_ERROR_CPP("string is too long");
memcpy(buf + i, beg, sz);
i += sz;
}
diff --git a/modules/core/src/persistence_xml.cpp b/modules/core/src/persistence_xml.cpp
index 89876dd3da8..52b53744254 100644
--- a/modules/core/src/persistence_xml.cpp
+++ b/modules/core/src/persistence_xml.cpp
@@ -627,6 +627,8 @@ class XMLParser : public FileStorageParser
c = '\"';
else
{
+ if (len + 2 + i >= CV_FS_MAX_LEN)
+ CV_PARSE_ERROR_CPP("string is too long");
memcpy( strbuf + i, ptr-1, len + 2 );
i += len + 2;
}
@@ -635,9 +637,9 @@ class XMLParser : public FileStorageParser
CV_PERSISTENCE_CHECK_END_OF_BUFFER_BUG_CPP();
}
}
+ if (i + 1 >= CV_FS_MAX_LEN)
+ CV_PARSE_ERROR_CPP("Too long string literal");
strbuf[i++] = c;
- if( i >= CV_FS_MAX_LEN )
- CV_PARSE_ERROR_CPP( "Too long string literal" );
}
elem->setValue(FileNode::STRING, strbuf, i);
}
meta-oe/recipes-support/opencv/opencv_4.1.0.bb
+1
View File
@@ -54,6 +54,7 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \
file://CVE-2019-14493.patch \
file://CVE-2019-15939.patch \
file://CVE-2019-19624.patch \
file://CVE-2019-5063_and_2019-5064.patch \
"
PV = "4.1.0"