Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-forensics/sleuthkit/files/sleuthkit-4.6.4-CVE-2018-19497-backport.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-forensics/sleuthkit/files/sleuthkit-4.6.4-CVE-2018-19497-backport.patch')
-rw-r--r--app-forensics/sleuthkit/files/sleuthkit-4.6.4-CVE-2018-19497-backport.patch83
1 files changed, 0 insertions, 83 deletions
diff --git a/app-forensics/sleuthkit/files/sleuthkit-4.6.4-CVE-2018-19497-backport.patch b/app-forensics/sleuthkit/files/sleuthkit-4.6.4-CVE-2018-19497-backport.patch
deleted file mode 100644
index 3ed904774814..000000000000
--- a/app-forensics/sleuthkit/files/sleuthkit-4.6.4-CVE-2018-19497-backport.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From dd679ad1d855e7f69a887eb343bb53d49dc664e7 Mon Sep 17 00:00:00 2001
-From: Jordy Zomer <zome8499@student.alfa-college.nl>
-Date: Sat, 24 Nov 2018 12:19:38 +0100
-Subject: [PATCH 1/3] Fix CVE-2018-19497.
-
-An issue was discovered in The Sleuth Kit (TSK) through 4.6.4.
-The "tsk_getu16(hfs->fs_info.endian, &rec_buf[rec_off2])" call in hfs_dir_open_meta_cb in
-tsk/fs/hfs_dent.c does not properly check boundaries. This results in
-a crash (SEGV on unknown address
-READ memory access)
-when reading too much in the destination buffer.
----
- tsk/fs/hfs.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c
-index 00f1720b1b..0dec507165 100644
---- a/tsk/fs/hfs.c
-+++ b/tsk/fs/hfs.c
-@@ -956,7 +956,8 @@ hfs_cat_traverse(HFS_INFO * hfs,
- key = (hfs_btree_key_cat *) & node[rec_off];
-
- keylen = 2 + tsk_getu16(hfs->fs_info.endian, key->key_len);
-- if ((keylen) > nodesize) {
-+
-+ if (keylen > nodesize - rec_off) {
- tsk_error_set_errno(TSK_ERR_FS_GENFS);
- tsk_error_set_errstr
- ("hfs_cat_traverse: length of key %d in index node %d too large (%d vs %"
-
-From fb2bc0ad693db852fac1dcc77a072aeabe106ac8 Mon Sep 17 00:00:00 2001
-From: Jordy Zomer <zome8499@student.alfa-college.nl>
-Date: Sat, 24 Nov 2018 12:37:09 +0100
-Subject: [PATCH 2/3] fix length in printf of nodesize
-
-Also fix the length in printf next to comit dd679ad1d855e7f69a887eb343bb53d49dc664e7
----
- tsk/fs/hfs.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c
-index 0dec507165..4f7c0679a8 100644
---- a/tsk/fs/hfs.c
-+++ b/tsk/fs/hfs.c
-@@ -961,7 +961,7 @@ hfs_cat_traverse(HFS_INFO * hfs,
- tsk_error_set_errno(TSK_ERR_FS_GENFS);
- tsk_error_set_errstr
- ("hfs_cat_traverse: length of key %d in index node %d too large (%d vs %"
-- PRIu16 ")", rec, cur_node, keylen, nodesize);
-+ PRIu16 ")", rec, cur_node, keylen, nodesize - rec_off);
- free(node);
- return 1;
- }
-
-From 8242588f4354339d9cb1ad82622e7c16c55391c9 Mon Sep 17 00:00:00 2001
-From: Jordy Zomer <zome8499@student.alfa-college.nl>
-Date: Sat, 24 Nov 2018 12:47:23 +0100
-Subject: [PATCH 3/3] UPDATE on CVE-2018-19497.
-
-make it >= because if keylen == nodesize - rec_off it's already past it's destination.
-Also fix the sprintf
----
- tsk/fs/hfs.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c
-index 4f7c0679a8..bb3819ada9 100644
---- a/tsk/fs/hfs.c
-+++ b/tsk/fs/hfs.c
-@@ -957,11 +957,11 @@ hfs_cat_traverse(HFS_INFO * hfs,
-
- keylen = 2 + tsk_getu16(hfs->fs_info.endian, key->key_len);
-
-- if (keylen > nodesize - rec_off) {
-+ if (keylen >= nodesize - rec_off) {
- tsk_error_set_errno(TSK_ERR_FS_GENFS);
- tsk_error_set_errstr
- ("hfs_cat_traverse: length of key %d in index node %d too large (%d vs %"
-- PRIu16 ")", rec, cur_node, keylen, nodesize - rec_off);
-+ PRIu16 ")", rec, cur_node, keylen, (nodesize - rec_off));
- free(node);
- return 1;
- }