Fixes from Google Android team for jpgd.cpp security vulnerabilities (incl. CVE-2017-0700) #10
Merged
Change-Id: I19028233d2ce79ef08947f00d2ecba20312579cc
Fixes: 32769670
(cherry picked from commit 28d83109cba8e1949032c78465649ba21db2d22e)
---
(cherry picked from commit 890381c983b6eca60a435ebf5a4bdbd7a32660f0)
https://android.googlesource.com/platform/external/libgdx/+/890381c983b6eca60a435ebf5a4bdbd7a32660f0
Adapted from libgdx fork back to upstream jpeg-compressor repo.
Co-authored-by: Rémi Verschelde <remi@godotengine.org>

Test: PoC
Bug: 35639138
Change-Id: I7fc4385d7f446ecfbc7dbd350e4c9bac6db0c9f0
(cherry picked from commit 117c2d5b213b42b8cb2bedc45b6139a8f4516712)
---
(cherry picked from commit 57b37792a815621274e529df9bfa1d39efb55b1b)
https://android.googlesource.com/platform/external/libgdx/+/57b37792a815621274e529df9bfa1d39efb55b1b
Adapted from libgdx fork back to upstream jpeg-compressor repo.
According to godotengine/godot#30952, this commit fixes CVE-2017-0700, which was documented as Android vulnerability but was actually fixed in libgdx's copy of jpgd.cpp.
PoC: https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2017-0700
Co-authored-by: Rémi Verschelde <remi@godotengine.org>
akien-mga added a commit to akien-mga/godot that referenced this pull request on Jul 30, 2019
Squashed version of richgel999/jpeg-compressor#10 with the line endings fixed (DOS to Unix). See richgel999/jpeg-compressor#10 and godotengine#30952 for details. Relates to CVE-2017-0700. Fixes godotengine#30952.
PokeMMO added a commit to PokeMMO/libgdx that referenced this pull request on Aug 1, 2019
akien-mga added a commit to godotengine/godot that referenced this pull request on Aug 21, 2019
Squashed version of richgel999/jpeg-compressor#10 with the line endings fixed (DOS to Unix). See richgel999/jpeg-compressor#10 and #30952 for details. Relates to CVE-2017-0700. Fixes #30952. (cherry picked from commit 5c33327)
myhalibobo pushed a commit to myhalibobo/godot that referenced this pull request on Sep 3, 2019
Squashed version of richgel999/jpeg-compressor#10 with the line endings fixed (DOS to Unix). See richgel999/jpeg-compressor#10 and godotengine#30952 for details. Relates to CVE-2017-0700. Fixes godotengine#30952.
akien-mga added a commit to akien-mga/godot that referenced this pull request on Sep 24, 2019
Squashed version of richgel999/jpeg-compressor#10 with the line endings fixed (DOS to Unix). See richgel999/jpeg-compressor#10 and godotengine#30952 for details. Relates to CVE-2017-0700. Fixes godotengine#30952. (cherry picked from commit 5c33327)
pchasco pushed a commit to pchasco/godot that referenced this pull request on Oct 23, 2019
Squashed version of richgel999/jpeg-compressor#10 with the line endings fixed (DOS to Unix). See richgel999/jpeg-compressor#10 and godotengine#30952 for details. Relates to CVE-2017-0700. Fixes godotengine#30952.
See godotengine/godot#30952 and libgdx/libgdx#5737 for context.
Google Android used to maintain a libgdx fork, and committed some security fixes in libgdx's bundled jpgd.cpp, which were seemingly not contributed back upstream either here or to libgdx. Godot also uses jpgd.cpp so is affected likewise.
I reviewed the Google Android libgdx codebase and cherry-picked the two commits related to jpgd.cpp: https://android.googlesource.com/platform/external/libgdx/+log/refs/heads/nougat-mr2.3-release
The second commit was apparently the fix (or one of the fixes?) for CVE-2017-0700.
PoC: https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2017-0700
Note that I cherry-picked these commits without modification, nor reviewing whether they do things the right way. I tested that second commit properly fixes the above linked PoC:
CC @richgel999 as I've noticed you don't "watch" your old repos imported from Google Code.