media-gfx/jhead: Add CVE-2021-34055 patch

Bug: https://bugs.gentoo.org/879801 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
author: Andreas K. Hüttel <dilfridge@gentoo.org> 2023-04-10 04:48:08 +0200
committer: Andreas K. Hüttel <dilfridge@gentoo.org> 2023-04-10 04:48:38 +0200
commit: ecf038d30f5cae49c82bed3af187d62387ed8c1e (patch)
tree: c43efe5bf9d805c8afee84714a246f1a4c202706 /media-gfx/jhead/files
parent: media-libs/vidstab: Stabilize 1.1.1 ppc, #902763 (diff)
download: gentoo-ecf038d30f5cae49c82bed3af187d62387ed8c1e.tar.gz
gentoo-ecf038d30f5cae49c82bed3af187d62387ed8c1e.tar.bz2
gentoo-ecf038d30f5cae49c82bed3af187d62387ed8c1e.zip
1 files changed, 108 insertions, 0 deletions
diff --git a/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch b/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch
new file mode 100644
index 000000000000..1669eb6f089f
--- /dev/null
+++ b/media-gfx/jhead/files/jhead-3.06.0.1-CVE-2021-34055.patch
@@ -0,0 +1,108 @@
+From f4f57913fff5de97da347a22558bbb74a1166369 Mon Sep 17 00:00:00 2001
+From: matthias wandel <matthias@woodgears.ca>
+Date: Wed, 1 Sep 2021 18:59:15 -0300
+Subject: [PATCH] If exif header is complete garbage, don't keep it.  Fixes
+ issue 36
+
+(cherry picked from commit c761620767ae72e5d61c697a73de262aebe0b591)
+---
+ exif.c    | 12 +++++++-----
+ jhead.h   |  2 +-
+ jpgfile.c |  5 ++++-
+ 3 files changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/exif.c b/exif.c
+index ba066b5..d250a8d 100755
+--- a/exif.c
++++ b/exif.c
+@@ -1005,7 +1005,7 @@ void Clear_EXIF ()
+ // Process a EXIF marker
+ // Describes all the drivel that most digital cameras include...
+ //--------------------------------------------------------------------------
+-void process_EXIF (unsigned char * ExifSection, int length)
++int process_EXIF (unsigned char * ExifSection, int length)
+ {
+     int FirstOffset;
+     
+@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, int length)
+         static uchar ExifHeader[] = "Exif\0\0";
+         if (memcmp(ExifSection+2, ExifHeader,6)){
+             ErrNonfatal("Incorrect Exif header",0,0);
+-            return;
++            return 0;
+         }
+     }
+ 
+@@ -1033,21 +1033,21 @@ void process_EXIF (unsigned char * ExifSection, int length)
+             MotorolaOrder = 1;
+         }else{
+             ErrNonfatal("Invalid Exif alignment marker.",0,0);
+-            return;
++            return 0;
+         }
+     }
+ 
+     // Check the next value for correctness.
+     if (Get16u(ExifSection+10) != 0x2a){
+         ErrNonfatal("Invalid Exif start (1)",0,0);
+-        return;
++        return 0;
+     }
+ 
+     FirstOffset = (int)Get32u(ExifSection+12);
+     if (FirstOffset < 8 || FirstOffset > 16){
+         if (FirstOffset < 16 || FirstOffset > length-16 || length < 16){
+             ErrNonfatal("invalid offset for first Exif IFD value",0,0);
+-            return;
++            return 0;
+         }
+         // Usually set to 8, but other values valid too.
+         ErrNonfatal("Suspicious offset of first Exif IFD value",0,0);
+@@ -1086,6 +1086,7 @@ void process_EXIF (unsigned char * ExifSection, int length)
+             ImageInfo.FocalLength35mmEquiv = (int)(ImageInfo.FocalLength/ImageInfo.CCDWidth*36 + 0.5);
+         }
+     }
++	return 1;
+ }
+ 
+ 
+@@ -1235,6 +1236,7 @@ void create_EXIF(void)
+ const char * ClearOrientation(void)
+ {
+     int a;
++
+     if (NumOrientations == 0) return NULL;
+ 
+     for (a=0;a<NumOrientations;a++){
+diff --git a/jhead.h b/jhead.h
+index 3d620d9..03987e2 100644
+--- a/jhead.h
++++ b/jhead.h
+@@ -163,7 +163,7 @@ void FileTimeAsString(char * TimeStr);
+ // Prototypes for exif.c functions.
+ int Exif2tm(struct tm * timeptr, char * ExifTime);
+ void Clear_EXIF();
+-void process_EXIF (unsigned char * CharBuf, int length);
++int process_EXIF (unsigned char * CharBuf, int length);
+ void ShowImageInfo(int ShowFileInfo);
+ void ShowConciseImageInfo(void);
+ const char * ClearOrientation(void);
+diff --git a/jpgfile.c b/jpgfile.c
+index 097d2f1..af2d7bc 100644
+--- a/jpgfile.c
++++ b/jpgfile.c
+@@ -286,7 +286,10 @@ int ReadJpegSections (FILE * infile, ReadMode_t ReadMode)
+                 // There can be different section using the same marker.
+                 if (ReadMode & READ_METADATA){
+                     if (memcmp(Data+2, "Exif", 4) == 0){
+-                        process_EXIF(Data, itemlen);
++                        if (!process_EXIF(Data, itemlen)){
++                            // malformatted exif sections, discard.
++                            free(Sections[--SectionsRead].Data);
++						}
+                         break;
+                     }else if (memcmp(Data+2, "http:", 5) == 0){
+                         Sections[SectionsRead-1].Type = M_XMP; // Change tag for internal purposes.
+-- 
+2.39.2
+
author	Andreas K. Hüttel <dilfridge@gentoo.org>	2023-04-10 04:48:08 +0200
committer	Andreas K. Hüttel <dilfridge@gentoo.org>	2023-04-10 04:48:38 +0200
commit	ecf038d30f5cae49c82bed3af187d62387ed8c1e (patch)
tree	c43efe5bf9d805c8afee84714a246f1a4c202706 /media-gfx/jhead/files
parent	media-libs/vidstab: Stabilize 1.1.1 ppc, #902763 (diff)
download	gentoo-ecf038d30f5cae49c82bed3af187d62387ed8c1e.tar.gz gentoo-ecf038d30f5cae49c82bed3af187d62387ed8c1e.tar.bz2 gentoo-ecf038d30f5cae49c82bed3af187d62387ed8c1e.zip