
File: [cvs.NetBSD.org] / pkgsrc / graphics / tiff / patches / Attic / patch-CVE-2022-22844 (download)

Revision 1.1, Fri Mar 25 08:36:37 2022 UTC (2 years ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1

tiff: apply fixes for CVE-2022-22844 CVE-2022-0561 CVE-2022-0562

This is tiff-4.3.0nb1.

$NetBSD: patch-CVE-2022-22844,v 1.1 2022/03/25 08:36:37 nia Exp $

https://gitlab.com/libtiff/libtiff/-/issues/355

This fixes CVE-2022-22844.

--- tools/tiffset.c.orig	2021-03-07 11:39:11.000000000 +0000
+++ tools/tiffset.c
@@ -146,9 +146,19 @@ main(int argc, char* argv[])
 
             arg_index++;
             if (TIFFFieldDataType(fip) == TIFF_ASCII) {
-                if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
-                    fprintf( stderr, "Failed to set %s=%s\n",
-                             TIFFFieldName(fip), argv[arg_index] );
+                if(TIFFFieldPassCount( fip )) {
+                    size_t len;
+                    len = strlen(argv[arg_index]) + 1;
+                    if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
+                            (uint16_t)len, argv[arg_index]) != 1)
+                        fprintf( stderr, "Failed to set %s=%s\n",
+                            TIFFFieldName(fip), argv[arg_index] );
+                } else {
+                    if (TIFFSetField(tiff, TIFFFieldTag(fip),
+                            argv[arg_index]) != 1)
+                        fprintf( stderr, "Failed to set %s=%s\n",
+                            TIFFFieldName(fip), argv[arg_index] );
+                }
             } else if (TIFFFieldWriteCount(fip) > 0
 		       || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
                 int     ret = 1;
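Review bot: In the new pass-count branch, the `len > UINT16_MAX` rejection shares one `fprintf` with a `TIFFSetField` failure, so a value refused for its length is reported only as a generic "Failed to set", and the whole over-long argument is echoed to stderr. Splitting the condition would make the limit visible: `if (len > UINT16_MAX) fprintf(stderr, "%s: value too long\n", TIFFFieldName(fip));` followed by `else if (TIFFSetField(tiff, TIFFFieldTag(fip), (uint16_t)len, argv[arg_index]) != 1)`. A comment above `len = strlen(argv[arg_index]) + 1;` such as `/* pass-count ASCII tags take an explicit count, which includes the terminating NUL */` would record why the two branches differ. The hunk does not show whether `arg_index` is checked against `argc` before `strlen(argv[arg_index])`; main's body starts and ends outside the hunk, so that check presumably sits earlier and is worth confirming.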