opencv: Add fix for CVE-2019-5063 and CVE-2019-5064

Added fix for below CVE's CVE-2019-5063 CVE-2019-5064 Link: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch Signed-off-by: akash hadke <akash.hadke@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: akash.hadke <akash.hadke@kpit.com> 2021-05-25 13:29:14 +0530
committer: Armin Kuster <akuster808@gmail.com> 2021-05-25 04:50:10 -0700
commit: 943f5560aa3b34f1c0baa0b8093fe978d5db558d (patch)
tree: 79c661062d3b108fea566ad3d1664a3d66419529
parent: f56fb13a2c5efe0802fca883f321bc6ea064d70f (diff)
download: meta-openembedded-943f5560aa3b34f1c0baa0b8093fe978d5db558d.tar.gz
2 files changed, 79 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch
new file mode 100644
index 0000000000..b4d5e6dc44
--- /dev/null
+++ b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch
@@ -0,0 +1,78 @@
+From f42d5399aac80d371b17d689851406669c9b9111 Mon Sep 17 00:00:00 2001
+From: Alexander Alekhin <alexander.alekhin@intel.com>
+Date: Thu, 7 Nov 2019 14:01:51 +0300
+Subject: [PATCH] core(persistence): add more checks for implementation
+ limitations
+
+Signed-off-by: akash hadke <akash.hadke@kpit.com>
+---
+ modules/core/src/persistence_json.cpp | 8 ++++++++
+ modules/core/src/persistence_xml.cpp  | 6 ++++--
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+---
+CVE: CVE-2019-5063
+CVE: CVE-2019-5064
+Upstream-Status: Backport [https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch]
+---
+diff --git a/modules/core/src/persistence_json.cpp b/modules/core/src/persistence_json.cpp
+index 89914e6534f..2efdf17d3f5 100644
+--- a/modules/core/src/persistence_json.cpp
++++ b/modules/core/src/persistence_json.cpp
+@@ -578,10 +578,14 @@ class JSONParser : public FileStorageParser
+                             sz = (int)(ptr - beg);
+                             if( sz > 0 )
+                             {
++                                if (i + sz >= CV_FS_MAX_LEN)
++                                    CV_PARSE_ERROR_CPP("string is too long");
+                                 memcpy(buf + i, beg, sz);
+                                 i += sz;
+                             }
+                             ptr++;
++                            if (i + 1 >= CV_FS_MAX_LEN)
++                                CV_PARSE_ERROR_CPP("string is too long");
+                             switch ( *ptr )
+                             {
+                             case '\\':
+@@ -605,6 +609,8 @@ class JSONParser : public FileStorageParser
+                             sz = (int)(ptr - beg);
+                             if( sz > 0 )
+                             {
++                                if (i + sz >= CV_FS_MAX_LEN)
++                                    CV_PARSE_ERROR_CPP("string is too long");
+                                 memcpy(buf + i, beg, sz);
+                                 i += sz;
+                             }
+@@ -620,6 +626,8 @@ class JSONParser : public FileStorageParser
+                             sz = (int)(ptr - beg);
+                             if( sz > 0 )
+                             {
++                                if (i + sz >= CV_FS_MAX_LEN)
++                                    CV_PARSE_ERROR_CPP("string is too long");
+                                 memcpy(buf + i, beg, sz);
+                                 i += sz;
+                             }
+diff --git a/modules/core/src/persistence_xml.cpp b/modules/core/src/persistence_xml.cpp
+index 89876dd3da8..52b53744254 100644
+--- a/modules/core/src/persistence_xml.cpp
++++ b/modules/core/src/persistence_xml.cpp
+@@ -627,6 +627,8 @@ class XMLParser : public FileStorageParser
+                                         c = '\"';
+                                     else
+                                     {
++                                        if (len + 2 + i >= CV_FS_MAX_LEN)
++                                            CV_PARSE_ERROR_CPP("string is too long");
+                                         memcpy( strbuf + i, ptr-1, len + 2 );
+                                         i += len + 2;
+                                     }
+@@ -635,9 +637,9 @@ class XMLParser : public FileStorageParser
+                                 CV_PERSISTENCE_CHECK_END_OF_BUFFER_BUG_CPP();
+                             }
+                         }
++                        if (i + 1 >= CV_FS_MAX_LEN)
++                            CV_PARSE_ERROR_CPP("Too long string literal");
+                         strbuf[i++] = c;
+-                        if( i >= CV_FS_MAX_LEN )
+-                            CV_PARSE_ERROR_CPP( "Too long string literal" );
+                     }
+                     elem->setValue(FileNode::STRING, strbuf, i);
+                 }
diff --git a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
index de708fd06d..19d5d0c891 100644
--- a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
+++ b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb
@@ -54,6 +54,7 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \
            file://CVE-2019-14493.patch \
            file://CVE-2019-15939.patch \
            file://CVE-2019-19624.patch \
+           file://CVE-2019-5063_and_2019-5064.patch \
            "
 PV = "4.1.0"
author	akash.hadke <akash.hadke@kpit.com>	2021-05-25 13:29:14 +0530
committer	Armin Kuster <akuster808@gmail.com>	2021-05-25 04:50:10 -0700
commit	943f5560aa3b34f1c0baa0b8093fe978d5db558d (patch)
tree	79c661062d3b108fea566ad3d1664a3d66419529
parent	f56fb13a2c5efe0802fca883f321bc6ea064d70f (diff)
download	meta-openembedded-943f5560aa3b34f1c0baa0b8093fe978d5db558d.tar.gz