mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 00:39:46 +00:00
Code Issues Projects Releases Wiki Activity

ghostscript: fix CVE-2024-29509

Browse Source 
(From OE-Core rev: 18c55a131b0627b906de29f8c4cbd1526154cd60)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Archana Polampalli
2024-08-08 11:05:42 +00:00
committed by Steve Sakoman
parent 204b28c419
commit 52cfc78696
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29509.patch
+45
View File
@@ -0,0 +1,45 @@
From 917b3a71fb20748965254631199ad98210d6c2fb Mon Sep 17 00:00:00 2001
From: Ken Sharp <Ken.Sharp@artifex.com>
Date: Thu, 25 Jan 2024 11:58:22 +0000
Subject: [PATCH] Bug 707510 - don't use strlen on passwords
Item #1 of the report. This looks like an oversight when first coding
the routine. We should use the PostScript string length, because
PostScript strings may not be NULL terminated (and as here may contain
internal NULL characters).
Fix the R6 handler which has the same problem too.
CVE: CVE-2024-29509
Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=917b3a71fb20748965254631199ad98210d6c2fb]
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
pdf/pdf_sec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pdf/pdf_sec.c b/pdf/pdf_sec.c
index ff60805..2bb59e1 100644
--- a/pdf/pdf_sec.c
+++ b/pdf/pdf_sec.c
@@ -1250,7 +1250,7 @@ static int check_password_R5(pdf_context *ctx, char *Password, int PasswordLen,
if (code < 0) {
pdf_string *P = NULL, *P_UTF8 = NULL;
- code = pdfi_object_alloc(ctx, PDF_STRING, strlen(ctx->encryption.Password), (pdf_obj **)&P);
+ code = pdfi_object_alloc(ctx, PDF_STRING, PasswordLen, (pdf_obj **)&P);
if (code < 0) {
return code;
}
@@ -1300,7 +1300,7 @@ static int check_password_R6(pdf_context *ctx, char *Password, int PasswordLen,
if (code < 0) {
pdf_string *P = NULL, *P_UTF8 = NULL;
- code = pdfi_object_alloc(ctx, PDF_STRING, strlen(ctx->encryption.Password), (pdf_obj **)&P);
+ code = pdfi_object_alloc(ctx, PDF_STRING, PasswordLen, (pdf_obj **)&P);
if (code < 0)
return code;
memcpy(P->data, Password, PasswordLen);
--
2.40.0
meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+1
View File
@@ -52,6 +52,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://CVE-2023-52722.patch \ file://CVE-2023-52722.patch \
file://CVE-2024-29511-0001.patch \ file://CVE-2024-29511-0001.patch \
file://CVE-2024-29511-0002.patch \ file://CVE-2024-29511-0002.patch \
file://CVE-2024-29509.patch \
" "
SRC_URI = "${SRC_URI_BASE} \ SRC_URI = "${SRC_URI_BASE} \