[2/2] package/shapelib: fix CVE-2022-0699

Message ID	20221026210334.565454-2-fontaine.fabrice@gmail.com
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> From: Fabrice Fontaine <fontaine.fabrice@gmail.com> To: buildroot@buildroot.org Date: Wed, 26 Oct 2022 23:03:34 +0200 Message-Id: <20221026210334.565454-2-fontaine.fabrice@gmail.com> In-Reply-To: <20221026210334.565454-1-fontaine.fabrice@gmail.com> References: <20221026210334.565454-1-fontaine.fabrice@gmail.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=V6NgTUJaQJfP4Lk0Trl3vjkAGqzfWxUc6spB9I+u8sY=; b=Yc5vF9u1NbX1pPjSn2MUJh1/RdVEs7ZdGPnOdGOTC+LbLaEVkJBxptp+kwrIppEMTS n3w/XNT7tzZ213AOA5zNTtWpu9R6x6OYeEy6GkBOzLZjuPE8HCWLhl67SEruaSzw8wNB EgeI+W8DHCdW/lqXxjHXlWbww9ekGYPj1wHzB+323/GbjNGswRqCOnfCENHybP86xYI4 vgHPcYA3EjDS4xjiH0BzBKXNQGLRbm4O/SGdgeMcdVAxVMzQCewUAZIXqfaa7DZvKBUu FflBy4tfmQwfBzbq2P7xQ03q7Nf9o22/awK+HhxHau2rZIqsksGDeY01ui10IXES5g45 FVXw== X-Mailman-Original-Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=Yc5vF9u1 Subject: [Buildroot] [PATCH 2/2] package/shapelib: fix CVE-2022-0699 Precedence: list Cc: Zoltan Gyarmati <zgyarmati@zgyarmati.de>, Fabrice Fontaine <fontaine.fabrice@gmail.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	[1/2] package/shapelib: add SHAPELIB_CPE_ID_VENDOR \| expand [1/2] package/shapelib: add SHAPELIB_CPE_ID_VENDOR [2/2] package/shapelib: fix CVE-2022-0699

Message ID

20221026210334.565454-2-fontaine.fabrice@gmail.com

State

Accepted

Headers

From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Date: Wed, 26 Oct 2022 23:03:34 +0200
Message-Id: <20221026210334.565454-2-fontaine.fabrice@gmail.com>
In-Reply-To: <20221026210334.565454-1-fontaine.fabrice@gmail.com>
References: <20221026210334.565454-1-fontaine.fabrice@gmail.com>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp2.osuosl.org;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.a=rsa-sha256 header.s=20210112 header.b=Yc5vF9u1
Subject: [Buildroot] [PATCH 2/2] package/shapelib: fix CVE-2022-0699
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Cc: Zoltan Gyarmati <zgyarmati@zgyarmati.de>,
 Fabrice Fontaine <fontaine.fabrice@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

[1/2] package/shapelib: add SHAPELIB_CPE_ID_VENDOR | expand

Commit Message

Fabrice Fontaine Oct. 26, 2022, 9:03 p.m. UTC

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0
and older releases. This issue may allow an attacker to cause a denial
of service or have other unspecified impact via control over malloc.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...Remove-double-free-in-contrib-shpsrt.patch | 26 +++++++++++++++++++
 package/shapelib/shapelib.mk                  |  3 +++
 2 files changed, 29 insertions(+)
 create mode 100644 package/shapelib/0001-Remove-double-free-in-contrib-shpsrt.patch

Comments

Peter Korsgaard Nov. 8, 2022, 7:39 p.m. UTC | #1

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0
 > and older releases. This issue may allow an attacker to cause a denial
 > of service or have other unspecified impact via control over malloc.

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.08.x and 2022.02.x, thanks.

diff --git a/package/shapelib/0001-Remove-double-free-in-contrib-shpsrt.patch b/package/shapelib/0001-Remove-double-free-in-contrib-shpsrt.patch
new file mode 100644
index 0000000000..a565874b8c
--- /dev/null
+++ b/package/shapelib/0001-Remove-double-free-in-contrib-shpsrt.patch
@@ -0,0 +1,26 @@ 
+From c75b9281a5b9452d92e1682bdfe6019a13ed819f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Albin=20Eldst=C3=A5l-Ahrens?= <laeder.keps@gmail.com>
+Date: Mon, 3 Jan 2022 12:34:41 +0100
+Subject: [PATCH] Remove double free() in contrib/shpsrt, issue #39
+
+This fixes issue #39
+
+[Retrieved from:
+https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ contrib/shpsort.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/contrib/shpsort.c b/contrib/shpsort.c
+index e21e9e0..920cd8c 100644
+--- a/contrib/shpsort.c
++++ b/contrib/shpsort.c
+@@ -113,7 +113,6 @@ static char ** split(const char *arg, const char *delim) {
+ 	free(result[--i]);
+       }
+       free(result);
+-      free(copy);
+       return NULL;
+     }
+     result = tmp;
diff --git a/package/shapelib/shapelib.mk b/package/shapelib/shapelib.mk
index 52f9584e19..37d2d9ae64 100644
--- a/package/shapelib/shapelib.mk
+++ b/package/shapelib/shapelib.mk
@@ -11,4 +11,7 @@  SHAPELIB_LICENSE_FILES = web/license.html COPYING
 SHAPELIB_CPE_ID_VENDOR = osgeo
 SHAPELIB_INSTALL_STAGING = YES
 
+# 0001-Remove-double-free-in-contrib-shpsrt.patch
+SHAPELIB_IGNORE_CVES += CVE-2022-0699
+
 $(eval $(autotools-package))

[2/2] package/shapelib: fix CVE-2022-0699

Commit Message

Comments

Patch