aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended
diff options
context:
space:
mode:
authorCatalin Enache <catalin.enache@windriver.com>2017-04-05 15:06:51 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-05-18 13:04:50 +0100
commit3497bb564fa3bb1d6b938630cd660ee77bec5ab7 (patch)
tree3cf4d32825f54e3c6bd04547b039f820e54b4a2b /meta/recipes-extended
parent53c39f29578a4468e7f64a7403e77c28d951de6a (diff)
downloadopenembedded-core-3497bb564fa3bb1d6b938630cd660ee77bec5ab7.tar.gz
ghostscript: CVE-2017-7207
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207 Upstream patch: http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091 (From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch39
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.19.bb1
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch
new file mode 100644
index 0000000000..a05dc02c6c
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch
@@ -0,0 +1,39 @@
+From 0e88bee1304993668fede72498d656a2dd33a35e Mon Sep 17 00:00:00 2001
+From: Ken Sharp <ken.sharp@artifex.com>
+Date: Mon, 20 Mar 2017 09:34:11 +0000
+Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
+
+Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
+
+This is only possible by abusing/mis-using Ghostscript-specific
+language extensions, so cannot happen in a general PostScript program.
+
+Nevertheless, Ghostscript should not crash. So this commit checks the
+memory device to see if raster memory has been allocated, before trying
+to read from it.
+
+Upstream-Status: Backport
+CVE: CVE-2017-7207
+
+Author: Ken Sharp <ken.sharp@artifex.com>
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ base/gdevmem.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/base/gdevmem.c b/base/gdevmem.c
+index 41108ba..183f96d 100644
+--- a/base/gdevmem.c
++++ b/base/gdevmem.c
+@@ -605,6 +605,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect,
+ GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
+ return_error(gs_error_rangecheck);
+ }
++ if (mdev->line_ptrs == 0x00)
++ return_error(gs_error_rangecheck);
+ if ((w <= 0) | (h <= 0)) {
+ if ((w | h) < 0)
+ return_error(gs_error_rangecheck);
+--
+2.10.2
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.19.bb b/meta/recipes-extended/ghostscript/ghostscript_9.19.bb
index fe2016b15a..5b348a583e 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.19.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.19.bb
@@ -30,6 +30,7 @@ SRC_URI = "${SRC_URI_BASE} \
file://ghostscript-9.02-genarch.patch \
file://objarch.h \
file://cups-no-gcrypt.patch \
+ file://CVE-2017-7207.patch \
"
SRC_URI_class-native = "${SRC_URI_BASE} \