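--- a/SPECS/libtiff/CVE-2024-7006.patch
+++ b/SPECS/libtiff/CVE-2024-7006.patch
@@ -0,0 +1,61 @@
+From 818fb8ce881cf839fbc710f6690aadb992aa0f9e Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 1 Dec 2023 20:12:25 +0100
+Subject: [PATCH] Check return value of _TIFFCreateAnonField().
+
+Fixes #624
+---
+libtiff/tif_dirinfo.c | 2 +-
+libtiff/tif_dirread.c | 16 ++++++----------
+2 files changed, 7 insertions(+), 11 deletions(-)
+
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index 0e705e8..4cfdaad 100644
+--- a/libtiff/tif_dirinfo.c
++++ b/libtiff/tif_dirinfo.c
+@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterField(TIFF *tif, uint32_t tag,
+if (fld == NULL)
+{
+fld = _TIFFCreateAnonField(tif, tag, dt);
+- if (!_TIFFMergeFields(tif, fld, 1))
++ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+return NULL;
+}
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 2c49dc6..78396c4 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -4260,11 +4260,9 @@ int TIFFReadDirectory(TIFF *tif)
+dp->tdir_tag, dp->tdir_tag);
+/* the following knowingly leaks the
+anonymous field structure */
+- if (!_TIFFMergeFields(
+- tif,
+- _TIFFCreateAnonField(tif, dp->tdir_tag,
+- (TIFFDataType)dp->tdir_type),
+- 1))
++ const TIFFField *fld = _TIFFCreateAnonField(
++ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
++ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+{
+TIFFWarningExtR(
+tif, module,
+@@ -5138,11 +5136,9 @@ int TIFFReadCustomDirectory(TIFF *tif, toff_t diroff,
+"Unknown field with tag %" PRIu16 " (0x%" PRIx16
+") encountered",
+dp->tdir_tag, dp->tdir_tag);
+- if (!_TIFFMergeFields(
+- tif,
+- _TIFFCreateAnonField(tif, dp->tdir_tag,
+- (TIFFDataType)dp->tdir_type),
+- 1))
++ const TIFFField *fld = _TIFFCreateAnonField(
++ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
++ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+{
+TIFFWarningExtR(tif, module,
+"Registering anonymous field with tag %" PRIu16
+--
+2.34.1
+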
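Review bot: The patch header carries no pointer back to its origin: `Fixes #624` refers to the upstream libtiff tracker rather than this repository, and nothing in the header names the CVE the file is filed under. I would add a line below the subject such as `Upstream: https://gitlab.com/libtiff/libtiff commit 818fb8ce881cf839fbc710f6690aadb992aa0f9e (CVE-2024-7006)` so a later audit can check the backport against upstream byte for byte. On the code, the `_TIFFFindOrRegisterField` hunk still returns NULL without releasing a non-NULL `fld` when `_TIFFMergeFields` fails; this looks inherited from upstream (the neighbouring comment in `TIFFReadDirectory` calls the leak deliberate), so it is better left as is here than diverging from the upstream patch. All three functions start and end outside the hunks shown.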
10 changes: 7 additions & 3 deletions SPECS/libtiff/libtiff.spec
@@ -1,15 +1,16 @@
Summary: TIFF libraries and associated utilities.
Name: libtiff
Version: 4.6.0
Release: 3%{?dist}
Release: 4%{?dist}
License: libtiff
Vendor: Microsoft Corporation
Distribution: Mariner
Group: System Environment/Libraries
URL: https://gitlab.com/libtiff/libtiff
Source0: https://gitlab.com/libtiff/libtiff/-/archive/v%{version}/libtiff-v%{version}.tar.gz
Patch0: CVE-2023-52356.patch
Patch1: CVE-2023-6277.patch
Patch1: CVE-2024-7006.patch
Patch2: CVE-2023-6277.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libjpeg-turbo-devel
Expand Down Expand Up @@ -62,9 +63,12 @@ make %{?_smp_mflags} -k check
%{_docdir}/*

%changelog
* Wed Aug 07 2024 Sumedh Sharma <sumsharma@microsoft.com> - 4.6.0-3
* Mon Aug 19 2024 Sumedh Sharma <sumsharma@microsoft.com> - 4.6.0-4
- Add patch to resolve CVE-2023-6277

* Tue Aug 13 2024 Aadhar Agarwal <aadagarwal@microsoft.com> - 4.6.0-3
- Add patch for CVE-2024-7006

* Thu Mar 7 2024 Xiaohong Deng <xiaohongdeng@microsoft.com> - 4.6.0-2
- Add patches for CVE-2023-52356
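Review bot: Neither hunk shows the `%prep` section, so it cannot be confirmed from this page that the new `Patch1: CVE-2024-7006.patch` is actually applied during the build. If the spec uses `%autosetup -p1` the renumbering is harmless, but if patches are applied by explicit `%patch` lines, the existing `Patch1` reference now resolves to a different file and `Patch2` needs its own line. CVE-2024-7006.patch touches `libtiff/tif_dirread.c`, and CVE-2023-6277.patch presumably does too, so it is worth checking the build log to confirm both apply without fuzz or rejects in the new order.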
