Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock icoutils 0.31.2-1, which contains various security fixes. diff -Nru icoutils-0.31.1/AUTHORS icoutils-0.31.2/AUTHORS --- icoutils-0.31.1/AUTHORS 2013-05-19 13:17:31.000000000 +0100 +++ icoutils-0.31.2/AUTHORS 2017-03-06 21:27:25.000000000 +0000 @@ -20,8 +20,11 @@ Marcin Siennicki - BMP extraction support for wrestool +Martin Gieseking <martin.giesek...@uos.de> + - Security fixes + - Miscellaneous fixes and improvements + Joel Holdsworth<j...@airwebreathe.org.uk> -Martin Gieseking Martin Storsjö<mar...@martin.st> Mathew Eis <mathew....@gmail.com> Sebastián Puebla <spue...@hotmail.com> @@ -33,3 +36,7 @@ Markus Schölzel <m-schoel...@web.de> Richard W.M. Jones <rjo...@redhat.com> - man page improvements + +Jerzy Kramarz <op7...@gmail.com> + - pointing out various crashes/bugs exploitable for DoS + purposes diff -Nru icoutils-0.31.1/NEWS icoutils-0.31.2/NEWS --- icoutils-0.31.1/NEWS 2017-01-08 14:44:57.000000000 +0000 +++ icoutils-0.31.2/NEWS 2017-03-06 21:32:05.000000000 +0000 @@ -1,3 +1,8 @@ +2017-03-06: icoutils 0.31.2 released. + Various security fixes from Martin Gieseking, + issues found by Jerzy Kramarz + (CVE-2017-6009, CVE-2017-6010, CVE-2017-6011). + 2017-01-08: icoutils 0.31.1 released. Security fixes: Colin Watson, Debian bug #850017 diff -Nru icoutils-0.31.1/configure icoutils-0.31.2/configure --- icoutils-0.31.1/configure 2017-01-08 14:40:28.000000000 +0000 +++ icoutils-0.31.2/configure 2017-03-06 21:28:08.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for icoutils 0.31.1. +# Generated by GNU Autoconf 2.69 for icoutils 0.31.2. # # Report bugs to <frank.rich...@gmail.com>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='icoutils' PACKAGE_TARNAME='icoutils' -PACKAGE_VERSION='0.31.1' -PACKAGE_STRING='icoutils 0.31.1' +PACKAGE_VERSION='0.31.2' +PACKAGE_STRING='icoutils 0.31.2' PACKAGE_BUGREPORT='frank.rich...@gmail.com' PACKAGE_URL='' 
@@ -1948,7 +1948,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures icoutils 0.31.1 to adapt to many kinds of systems. +\`configure' configures icoutils 0.31.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -2018,7 +2018,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of icoutils 0.31.1:";; + short | recursive ) echo "Configuration of icoutils 0.31.2:";; esac cat <<\_ACEOF @@ -2128,7 +2128,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -icoutils configure 0.31.1 +icoutils configure 0.31.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2780,7 +2780,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by icoutils $as_me 0.31.1, which was +It was created by icoutils $as_me 0.31.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3670,7 +3670,7 @@ # Define the identity of the package. PACKAGE='icoutils' - VERSION='0.31.1' + VERSION='0.31.2' cat >>confdefs.h <<_ACEOF @@ -20061,7 +20061,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by icoutils $as_me 0.31.1, which was +This file was extended by icoutils $as_me 0.31.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -20127,7 +20127,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -icoutils config.status 0.31.1 +icoutils config.status 0.31.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru icoutils-0.31.1/configure.ac icoutils-0.31.2/configure.ac --- icoutils-0.31.1/configure.ac 2017-01-08 14:39:40.000000000 +0000 +++ icoutils-0.31.2/configure.ac 2017-03-06 21:27:54.000000000 +0000 @@ -1,7 +1,7 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT(icoutils, 0.31.1, frank.rich...@gmail.com) +AC_INIT(icoutils, 0.31.2, frank.rich...@gmail.com) AC_CONFIG_MACRO_DIR([m4]) # doesn't seem to have any effect at the moment AC_CONFIG_SRCDIR([icotool/icotool.h]) AC_CONFIG_HEADER([config.h]) diff -Nru icoutils-0.31.1/debian/.git-dpm icoutils-0.31.2/debian/.git-dpm --- icoutils-0.31.1/debian/.git-dpm 2017-01-09 18:24:36.000000000 +0000 +++ icoutils-0.31.2/debian/.git-dpm 2017-03-07 17:30:30.000000000 +0000 @@ -1,8 +1,8 @@ # see git-dpm(1) from git-dpm package -f704125a5652f867d4f2acf45a52dc53b2c77fce -f704125a5652f867d4f2acf45a52dc53b2c77fce -f704125a5652f867d4f2acf45a52dc53b2c77fce -f704125a5652f867d4f2acf45a52dc53b2c77fce -icoutils_0.31.1.orig.tar.bz2 -751aa911164aea06e3b88cb1625aad8e0a96f5d0 -573484 +c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9 +c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9 +c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9 +c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9 +icoutils_0.31.2.orig.tar.bz2 +49391e2187ea9850893e042b69444e6b4cc5f9aa +573585 diff -Nru icoutils-0.31.1/debian/changelog icoutils-0.31.2/debian/changelog --- icoutils-0.31.1/debian/changelog 2017-01-09 18:31:05.000000000 +0000 +++ icoutils-0.31.2/debian/changelog 2017-03-07 22:18:53.000000000 +0000 
@@ -1,3 +1,12 @@ +icoutils (0.31.2-1) unstable; urgency=high + + * New upstream release. + - CVE-2017-6009, CVE-2017-6010, CVE-2017-6011: Various security fixes + from Martin Gieseking, issues found by Jerzy Kramarz (closes: #854050, + #854054). + + -- Colin Watson <cjwat...@debian.org> Tue, 07 Mar 2017 22:18:53 +0000 + icoutils (0.31.1-1) unstable; urgency=high * New upstream release. diff -Nru icoutils-0.31.1/extresso/extresso icoutils-0.31.2/extresso/extresso --- icoutils-0.31.1/extresso/extresso 2017-01-08 14:40:54.000000000 +0000 +++ icoutils-0.31.2/extresso/extresso 2017-03-06 21:33:59.000000000 +0000 @@ -71,7 +71,7 @@ exit; } if ($arg_version) { - print "$PROGRAM (icoutils) 0.31.1\n"; + print "$PROGRAM (icoutils) 0.31.2\n"; print "Written by Oskar Liljeblad.\n\n"; print "Copyright (C) 1998-2005 Oskar Liljeblad.\n"; print "This is free software; see the source for copying conditions. There is NO\n"; diff -Nru icoutils-0.31.1/extresso/genresscript icoutils-0.31.2/extresso/genresscript --- icoutils-0.31.1/extresso/genresscript 2017-01-08 14:40:54.000000000 +0000 +++ icoutils-0.31.2/extresso/genresscript 2017-03-06 21:33:59.000000000 +0000 @@ -58,7 +58,7 @@ exit; } if ($arg_version) { - print "$PROGRAM (icoutils) 0.31.1\n"; + print "$PROGRAM (icoutils) 0.31.2\n"; print "Written by Oskar Liljeblad.\n\n"; print "Copyright (C) 1998-2005 Oskar Liljeblad.\n"; print "This is free software; see the source for copying conditions. There is NO\n"; diff -Nru icoutils-0.31.1/icotool/extract.c icoutils-0.31.2/icotool/extract.c --- icoutils-0.31.1/icotool/extract.c 2012-08-23 15:47:06.000000000 +0100 +++ icoutils-0.31.2/icotool/extract.c 2017-03-06 21:23:33.000000000 +0000 @@ -138,7 +138,8 @@ Win32RGBQuad *palette = NULL; uint32_t palette_count = 0; uint32_t image_size, mask_size; - uint32_t width, height, bit_count; + int32_t width, height; + uint32_t bit_count; uint8_t *image_data = NULL, *mask_data = NULL; png_structp png_ptr = NULL; png_infop info_ptr = NULL; 
@@ -154,16 +155,23 @@ /* Vista icon: it's just a raw PNG */ if (bitmap.size == ICO_PNG_MAGIC) { + uint32_t unsigned_width, unsigned_height; fseek(in, offset, SEEK_SET); image_size = entries[c].dib_size; image_data = xmalloc(image_size); if (!xfread(image_data, image_size, in)) goto done; - - if (!read_png (image_data, image_size, &bit_count, &width, &height)) + + if (!read_png (image_data, image_size, &bit_count, &unsigned_width, &unsigned_height)) goto done; - + + width = (int32_t)unsigned_width; + height = (int32_t)unsigned_height; + if ((bitmap.width > INT32_MAX/4) || (bitmap.height > INT32_MAX)) { + warn(_("PNG too large")); + goto done; + } completed++; if (!filter(completed, width, height, bitmap.bit_count, palette_count, dir.type == 1, @@ -229,11 +237,19 @@ if (bitmap.clr_used != 0 || bitmap.bit_count < 24) { palette_count = (bitmap.clr_used != 0 ? bitmap.clr_used : 1 << bitmap.bit_count); + if (palette_count > 256) { + warn(_("palette too large")); + goto done; + } palette = xmalloc(sizeof(Win32RGBQuad) * palette_count); if (!xfread(palette, sizeof(Win32RGBQuad) * palette_count, in)) goto done; offset += sizeof(Win32RGBQuad) * palette_count; } + if (abs(bitmap.width) > INT32_MAX/max(4, bitmap.bit_count)) { + warn(_("bitmap width too large")); + goto done; + } width = bitmap.width; height = abs(bitmap.height)/2; Binary files /tmp/_uaDpX67gW/icoutils-0.31.1/po/e...@boldquot.gmo and /tmp/f9PmotVM7d/icoutils-0.31.2/po/e...@boldquot.gmo differ diff -Nru icoutils-0.31.1/po/e...@boldquot.po icoutils-0.31.2/po/e...@boldquot.po --- icoutils-0.31.1/po/e...@boldquot.po 2017-01-08 14:46:32.000000000 +0000 +++ icoutils-0.31.2/po/e...@boldquot.po 2017-03-06 21:34:48.000000000 +0000 
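Review bot: The new "PNG too large" guard in the Vista-PNG branch tests `bitmap.width` and `bitmap.height` instead of the `unsigned_width`/`unsigned_height` that `read_png` just returned, and it runs after both values have already been cast to `int32_t`. In this branch `bitmap.size` matched `ICO_PNG_MAGIC`, so the `bitmap` fields presumably hold bytes of the PNG stream rather than image dimensions. A PNG that declares a width above `INT32_MAX` would therefore still become a negative `width` handed to `filter`. Check the decoded values before converting, e.g. `if (unsigned_width > INT32_MAX/4 || unsigned_height > INT32_MAX) { warn(_("PNG too large")); goto done; }`, and move the two casts below that test. The enclosing function starts and ends outside the hunk.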
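Review bot: The width guard added just before `width = bitmap.width;` compares `abs(bitmap.width)`, but the assignment keeps the signed value, so a negative width passes the check and continues as a negative `width`. If the field is a 32-bit signed integer, `abs()` of its minimum value is also undefined. If negative widths have no meaning in this format (to be confirmed against the code below the hunk), reject them directly: `if (bitmap.width < 0 || bitmap.width > INT32_MAX/max(4, bitmap.bit_count)) {`. The height is taken as `abs(bitmap.height)/2` with no comparable bound, so any size computed from width and height after this hunk is worth re-checking too.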
@@ -30,10 +30,10 @@ # msgid "" msgstr "" -"Project-Id-Version: icoutils 0.31.1\n" +"Project-Id-Version: icoutils 0.31.2\n" "Report-Msgid-Bugs-To: frank.rich...@gmail.com\n" -"POT-Creation-Date: 2017-01-08 15:40+0100\n" -"PO-Revision-Date: 2017-01-08 15:40+0100\n" +"POT-Creation-Date: 2017-03-06 22:34+0100\n" +"PO-Revision-Date: 2017-03-06 22:34+0100\n" "Last-Translator: Automatically generated\n" "Language-Team: none\n" "Language: en@boldquot\n" @@ -315,11 +315,11 @@ msgid "not a png file" msgstr "not a png file" -#: icotool/create.c:125 icotool/extract.c:273 icotool/extract.c:449 +#: icotool/create.c:125 icotool/extract.c:289 icotool/extract.c:465 msgid "cannot initialize PNG library" msgstr "cannot initialize PNG library" -#: icotool/create.c:130 icotool/extract.c:278 icotool/extract.c:454 +#: icotool/create.c:130 icotool/extract.c:294 icotool/extract.c:470 msgid "cannot create PNG info structure - out of memory" msgstr "cannot create PNG info structure - out of memory" @@ -328,12 +328,12 @@ msgid "cannot decrease bit depth from %d to %d, bit depth not changed" msgstr "cannot decrease bit depth from %d to %d, bit depth not changed" -#: icotool/create.c:258 icotool/extract.c:191 icotool/extract.c:288 +#: icotool/create.c:258 icotool/extract.c:199 icotool/extract.c:304 msgid "cannot create file" msgstr "cannot create file" #: icotool/create.c:267 icotool/create.c:309 icotool/create.c:319 -#: icotool/create.c:393 icotool/extract.c:199 +#: icotool/create.c:393 icotool/extract.c:207 msgid "cannot write to file" msgstr "cannot write to file" 
@@ -353,60 +353,72 @@ msgid "reserved is not zero" msgstr "reserved is not zero" -#: icotool/extract.c:178 icotool/extract.c:339 +#: icotool/extract.c:172 +msgid "PNG too large" +msgstr "PNG too large" + +#: icotool/extract.c:186 icotool/extract.c:355 #, c-format msgid "--%s --index=%d --width=%d --height=%d --bit-depth=%d --palette-size=%d" msgstr "" "--%s --index=%d --width=%d --height=%d --bit-depth=%d --palette-size=%d" -#: icotool/extract.c:182 icotool/extract.c:343 +#: icotool/extract.c:190 icotool/extract.c:359 #, c-format msgid " --hotspot-x=%d --hotspot-y=%d" msgstr " --hotspot-x=%d --hotspot-y=%d" -#: icotool/extract.c:208 +#: icotool/extract.c:216 msgid "bitmap header is too short" msgstr "bitmap header is too short" -#: icotool/extract.c:212 +#: icotool/extract.c:220 msgid "compressed image data not supported" msgstr "compressed image data not supported" -#: icotool/extract.c:216 +#: icotool/extract.c:224 msgid "x_pels_per_meter field in bitmap should be zero" msgstr "x_pels_per_meter field in bitmap should be zero" -#: icotool/extract.c:218 +#: icotool/extract.c:226 msgid "y_pels_per_meter field in bitmap should be zero" msgstr "y_pels_per_meter field in bitmap should be zero" -#: icotool/extract.c:220 +#: icotool/extract.c:228 msgid "clr_important field in bitmap should be zero" msgstr "clr_important field in bitmap should be zero" -#: icotool/extract.c:222 +#: icotool/extract.c:230 msgid "planes field in bitmap should be one" msgstr "planes field in bitmap should be one" -#: icotool/extract.c:225 +#: icotool/extract.c:233 #, c-format msgid "skipping %d bytes of extended bitmap header" msgstr "skipping %d bytes of extended bitmap header" -#: icotool/extract.c:245 +#: icotool/extract.c:241 +msgid "palette too large" +msgstr "palette too large" + +#: icotool/extract.c:250 +msgid "bitmap width too large" +msgstr "bitmap width too large" + +#: icotool/extract.c:261 #, c-format msgid "incorrect total size of bitmap (%d specified; %d real)" msgstr 
"incorrect total size of bitmap (%d specified; %d real)" -#: icotool/extract.c:392 +#: icotool/extract.c:408 msgid "offset of bitmap header incorrect (too low)" msgstr "offset of bitmap header incorrect (too low)" -#: icotool/extract.c:396 +#: icotool/extract.c:412 msgid "invalid data at expected offset (unrecoverable)" msgstr "invalid data at expected offset (unrecoverable)" -#: icotool/extract.c:399 +#: icotool/extract.c:415 #, c-format msgid "skipping %u bytes of garbage at %u" msgstr "skipping %u bytes of garbage at %u" @@ -788,31 +800,31 @@ msgid "%s: --language has no effect because file is 16-bit binary" msgstr "%s: --language has no effect because file is 16-bit binary" -#: wrestool/restable.c:121 +#: wrestool/restable.c:132 #, c-format msgid "--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%d]\n" msgstr "--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%d]\n" -#: wrestool/restable.c:124 +#: wrestool/restable.c:135 msgid " --language=" msgstr " --language=" -#: wrestool/restable.c:318 +#: wrestool/restable.c:329 #, c-format msgid "%s: resource table invalid, ignoring remaining entries" msgstr "%s: resource table invalid, ignoring remaining entries" -#: wrestool/restable.c:384 wrestool/restable.c:465 +#: wrestool/restable.c:395 wrestool/restable.c:478 #, c-format msgid "%s: not a PE or NE library" msgstr "%s: not a PE or NE library" -#: wrestool/restable.c:400 +#: wrestool/restable.c:412 #, c-format msgid "%s: no resource directory found" msgstr "%s: no resource directory found" -#: wrestool/restable.c:455 +#: wrestool/restable.c:468 #, c-format msgid "%s: file contains no resources" msgstr "%s: file contains no resources" Binary files /tmp/_uaDpX67gW/icoutils-0.31.1/po/e...@quot.gmo and /tmp/f9PmotVM7d/icoutils-0.31.2/po/e...@quot.gmo differ diff -Nru icoutils-0.31.1/po/e...@quot.po icoutils-0.31.2/po/e...@quot.po --- icoutils-0.31.1/po/e...@quot.po 2017-01-08 14:46:32.000000000 +0000 +++ icoutils-0.31.2/po/e...@quot.po 2017-03-06 21:34:48.000000000 +0000 
@@ -27,10 +27,10 @@ # msgid "" msgstr "" -"Project-Id-Version: icoutils 0.31.1\n" +"Project-Id-Version: icoutils 0.31.2\n" "Report-Msgid-Bugs-To: frank.rich...@gmail.com\n" -"POT-Creation-Date: 2017-01-08 15:40+0100\n" -"PO-Revision-Date: 2017-01-08 15:40+0100\n" +"POT-Creation-Date: 2017-03-06 22:34+0100\n" +"PO-Revision-Date: 2017-03-06 22:34+0100\n" "Last-Translator: Automatically generated\n" "Language-Team: none\n" "Language: en@quot\n" @@ -312,11 +312,11 @@ msgid "not a png file" msgstr "not a png file" -#: icotool/create.c:125 icotool/extract.c:273 icotool/extract.c:449 +#: icotool/create.c:125 icotool/extract.c:289 icotool/extract.c:465 msgid "cannot initialize PNG library" msgstr "cannot initialize PNG library" -#: icotool/create.c:130 icotool/extract.c:278 icotool/extract.c:454 +#: icotool/create.c:130 icotool/extract.c:294 icotool/extract.c:470 msgid "cannot create PNG info structure - out of memory" msgstr "cannot create PNG info structure - out of memory" @@ -325,12 +325,12 @@ msgid "cannot decrease bit depth from %d to %d, bit depth not changed" msgstr "cannot decrease bit depth from %d to %d, bit depth not changed" -#: icotool/create.c:258 icotool/extract.c:191 icotool/extract.c:288 +#: icotool/create.c:258 icotool/extract.c:199 icotool/extract.c:304 msgid "cannot create file" msgstr "cannot create file" #: icotool/create.c:267 icotool/create.c:309 icotool/create.c:319 -#: icotool/create.c:393 icotool/extract.c:199 +#: icotool/create.c:393 icotool/extract.c:207 msgid "cannot write to file" msgstr "cannot write to file" 
@@ -350,60 +350,72 @@ msgid "reserved is not zero" msgstr "reserved is not zero" -#: icotool/extract.c:178 icotool/extract.c:339 +#: icotool/extract.c:172 +msgid "PNG too large" +msgstr "PNG too large" + +#: icotool/extract.c:186 icotool/extract.c:355 #, c-format msgid "--%s --index=%d --width=%d --height=%d --bit-depth=%d --palette-size=%d" msgstr "" "--%s --index=%d --width=%d --height=%d --bit-depth=%d --palette-size=%d" -#: icotool/extract.c:182 icotool/extract.c:343 +#: icotool/extract.c:190 icotool/extract.c:359 #, c-format msgid " --hotspot-x=%d --hotspot-y=%d" msgstr " --hotspot-x=%d --hotspot-y=%d" -#: icotool/extract.c:208 +#: icotool/extract.c:216 msgid "bitmap header is too short" msgstr "bitmap header is too short" -#: icotool/extract.c:212 +#: icotool/extract.c:220 msgid "compressed image data not supported" msgstr "compressed image data not supported" -#: icotool/extract.c:216 +#: icotool/extract.c:224 msgid "x_pels_per_meter field in bitmap should be zero" msgstr "x_pels_per_meter field in bitmap should be zero" -#: icotool/extract.c:218 +#: icotool/extract.c:226 msgid "y_pels_per_meter field in bitmap should be zero" msgstr "y_pels_per_meter field in bitmap should be zero" -#: icotool/extract.c:220 +#: icotool/extract.c:228 msgid "clr_important field in bitmap should be zero" msgstr "clr_important field in bitmap should be zero" -#: icotool/extract.c:222 +#: icotool/extract.c:230 msgid "planes field in bitmap should be one" msgstr "planes field in bitmap should be one" -#: icotool/extract.c:225 +#: icotool/extract.c:233 #, c-format msgid "skipping %d bytes of extended bitmap header" msgstr "skipping %d bytes of extended bitmap header" -#: icotool/extract.c:245 +#: icotool/extract.c:241 +msgid "palette too large" +msgstr "palette too large" + +#: icotool/extract.c:250 +msgid "bitmap width too large" +msgstr "bitmap width too large" + +#: icotool/extract.c:261 #, c-format msgid "incorrect total size of bitmap (%d specified; %d real)" msgstr 
"incorrect total size of bitmap (%d specified; %d real)" -#: icotool/extract.c:392 +#: icotool/extract.c:408 msgid "offset of bitmap header incorrect (too low)" msgstr "offset of bitmap header incorrect (too low)" -#: icotool/extract.c:396 +#: icotool/extract.c:412 msgid "invalid data at expected offset (unrecoverable)" msgstr "invalid data at expected offset (unrecoverable)" -#: icotool/extract.c:399 +#: icotool/extract.c:415 #, c-format msgid "skipping %u bytes of garbage at %u" msgstr "skipping %u bytes of garbage at %u" @@ -783,31 +795,31 @@ msgid "%s: --language has no effect because file is 16-bit binary" msgstr "%s: --language has no effect because file is 16-bit binary" -#: wrestool/restable.c:121 +#: wrestool/restable.c:132 #, c-format msgid "--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%d]\n" msgstr "--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%d]\n" -#: wrestool/restable.c:124 +#: wrestool/restable.c:135 msgid " --language=" msgstr " --language=" -#: wrestool/restable.c:318 +#: wrestool/restable.c:329 #, c-format msgid "%s: resource table invalid, ignoring remaining entries" msgstr "%s: resource table invalid, ignoring remaining entries" -#: wrestool/restable.c:384 wrestool/restable.c:465 +#: wrestool/restable.c:395 wrestool/restable.c:478 #, c-format msgid "%s: not a PE or NE library" msgstr "%s: not a PE or NE library" -#: wrestool/restable.c:400 +#: wrestool/restable.c:412 #, c-format msgid "%s: no resource directory found" msgstr "%s: no resource directory found" -#: wrestool/restable.c:455 +#: wrestool/restable.c:468 #, c-format msgid "%s: file contains no resources" msgstr "%s: file contains no resources" diff -Nru icoutils-0.31.1/po/icoutils.pot icoutils-0.31.2/po/icoutils.pot --- icoutils-0.31.1/po/icoutils.pot 2017-01-08 14:40:55.000000000 +0000 +++ icoutils-0.31.2/po/icoutils.pot 2017-03-06 21:34:19.000000000 +0000 
@@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: icoutils 0.31.1\n" +"Project-Id-Version: icoutils 0.31.2\n" "Report-Msgid-Bugs-To: frank.rich...@gmail.com\n" -"POT-Creation-Date: 2017-01-08 15:40+0100\n" +"POT-Creation-Date: 2017-03-06 22:34+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <l...@li.org>\n" @@ -259,11 +259,11 @@ msgid "not a png file" msgstr "" -#: icotool/create.c:125 icotool/extract.c:273 icotool/extract.c:449 +#: icotool/create.c:125 icotool/extract.c:289 icotool/extract.c:465 msgid "cannot initialize PNG library" msgstr "" -#: icotool/create.c:130 icotool/extract.c:278 icotool/extract.c:454 +#: icotool/create.c:130 icotool/extract.c:294 icotool/extract.c:470 msgid "cannot create PNG info structure - out of memory" msgstr "" @@ -272,12 +272,12 @@ msgid "cannot decrease bit depth from %d to %d, bit depth not changed" msgstr "" -#: icotool/create.c:258 icotool/extract.c:191 icotool/extract.c:288 +#: icotool/create.c:258 icotool/extract.c:199 icotool/extract.c:304 msgid "cannot create file" msgstr "" #: icotool/create.c:267 icotool/create.c:309 icotool/create.c:319 -#: icotool/create.c:393 icotool/extract.c:199 +#: icotool/create.c:393 icotool/extract.c:207 msgid "cannot write to file" msgstr "" 
@@ -297,59 +297,71 @@ msgid "reserved is not zero" msgstr "" -#: icotool/extract.c:178 icotool/extract.c:339 +#: icotool/extract.c:172 +msgid "PNG too large" +msgstr "" + +#: icotool/extract.c:186 icotool/extract.c:355 #, c-format msgid "--%s --index=%d --width=%d --height=%d --bit-depth=%d --palette-size=%d" msgstr "" -#: icotool/extract.c:182 icotool/extract.c:343 +#: icotool/extract.c:190 icotool/extract.c:359 #, c-format msgid " --hotspot-x=%d --hotspot-y=%d" msgstr "" -#: icotool/extract.c:208 +#: icotool/extract.c:216 msgid "bitmap header is too short" msgstr "" -#: icotool/extract.c:212 +#: icotool/extract.c:220 msgid "compressed image data not supported" msgstr "" -#: icotool/extract.c:216 +#: icotool/extract.c:224 msgid "x_pels_per_meter field in bitmap should be zero" msgstr "" -#: icotool/extract.c:218 +#: icotool/extract.c:226 msgid "y_pels_per_meter field in bitmap should be zero" msgstr "" -#: icotool/extract.c:220 +#: icotool/extract.c:228 msgid "clr_important field in bitmap should be zero" msgstr "" -#: icotool/extract.c:222 +#: icotool/extract.c:230 msgid "planes field in bitmap should be one" msgstr "" -#: icotool/extract.c:225 +#: icotool/extract.c:233 #, c-format msgid "skipping %d bytes of extended bitmap header" msgstr "" -#: icotool/extract.c:245 +#: icotool/extract.c:241 +msgid "palette too large" +msgstr "" + +#: icotool/extract.c:250 +msgid "bitmap width too large" +msgstr "" + +#: icotool/extract.c:261 #, c-format msgid "incorrect total size of bitmap (%d specified; %d real)" msgstr "" -#: icotool/extract.c:392 +#: icotool/extract.c:408 msgid "offset of bitmap header incorrect (too low)" msgstr "" -#: icotool/extract.c:396 +#: icotool/extract.c:412 msgid "invalid data at expected offset (unrecoverable)" msgstr "" -#: icotool/extract.c:399 +#: icotool/extract.c:415 #, c-format msgid "skipping %u bytes of garbage at %u" msgstr "" 
@@ -707,31 +719,31 @@ msgid "%s: --language has no effect because file is 16-bit binary" msgstr "" -#: wrestool/restable.c:121 +#: wrestool/restable.c:132 #, c-format msgid "--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%d]\n" msgstr "" -#: wrestool/restable.c:124 +#: wrestool/restable.c:135 msgid " --language=" msgstr "" -#: wrestool/restable.c:318 +#: wrestool/restable.c:329 #, c-format msgid "%s: resource table invalid, ignoring remaining entries" msgstr "" -#: wrestool/restable.c:384 wrestool/restable.c:465 +#: wrestool/restable.c:395 wrestool/restable.c:478 #, c-format msgid "%s: not a PE or NE library" msgstr "" -#: wrestool/restable.c:400 +#: wrestool/restable.c:412 #, c-format msgid "%s: no resource directory found" msgstr "" -#: wrestool/restable.c:455 +#: wrestool/restable.c:468 #, c-format msgid "%s: file contains no resources" msgstr "" diff -Nru icoutils-0.31.1/wrestool/fileread.c icoutils-0.31.2/wrestool/fileread.c --- icoutils-0.31.1/wrestool/fileread.c 2017-01-08 14:10:59.000000000 +0000 +++ icoutils-0.31.2/wrestool/fileread.c 2017-03-06 20:05:04.000000000 +0000 @@ -42,8 +42,8 @@ /*debug("check_offset: size=%x vs %x offset=%x size=%x\n", need_size, total_size, (char *) offset - memory, size);*/ - if (((memory <= memory_end) && (block <= block_end)) - && ((block < memory) || (block >= memory_end) || (block_end > memory_end))) { + if (((memory > memory_end) || (block > block_end)) + || (block < memory) || (block >= memory_end) || (block_end > memory_end)) { warn(_("%s: premature end"), name); return false; } diff -Nru icoutils-0.31.1/wrestool/restable.c icoutils-0.31.2/wrestool/restable.c --- icoutils-0.31.1/wrestool/restable.c 2012-08-23 15:47:06.000000000 +0100 +++ icoutils-0.31.2/wrestool/restable.c 2017-03-06 21:10:52.000000000 +0000 
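Review bot: The corrected condition in fileread.c still detects wraparound by comparing pointers (`memory > memory_end`, `block > block_end`), and those end pointers are presumably formed by pointer addition above the hunk. Forming a pointer beyond the end of the buffer is undefined in C, so an optimizing compiler may assume `block <= block_end` and remove exactly the test this fix adds. Doing the range check on integers avoids that: after rejecting `block < memory` and negative sizes, take `size_t off = (size_t)(block - memory);` and fail when `off >= (size_t)total_size || (size_t)size > (size_t)total_size - off`. The function's declarations are outside the hunk, so the parameter types need confirming before this is applied.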
@@ -41,6 +41,13 @@ static WinResource *list_resources (WinLibrary *fi, WinResource *res, int *count); static bool compare_resource_id (WinResource *wr, char *id); +/* Check whether access to a PE_SECTIONS is allowed */ +#define RETURN_IF_BAD_PE_SECTIONS(ret, module) \ + do { \ + RETURN_IF_BAD_POINTER(ret, PE_HEADER(module)->optional_header); \ + RETURN_IF_BAD_POINTER(ret, PE_HEADER(module)->file_header.size_of_optional_header); \ + } while(0) + /* do_resources: * Do something for each resource matching type, name and lang. */ @@ -80,9 +87,13 @@ wr = list_resources (fi, base, &rescnt); if (wr == NULL) return; + if (!check_offset(fi->memory, fi->total_size, fi->name, &wr[0], sizeof(WinResource))) + return; /* process each resource listed */ for (c = 0 ; c < rescnt ; c++) { + if (!check_offset(fi->memory, fi->total_size, fi->name, &wr[c], sizeof(WinResource))) + break; /* (over)write the corresponding WinResource holder with the current */ memcpy(WINRESOURCE_BY_LEVEL(wr[c].level), wr+c, sizeof(WinResource)); @@ -223,7 +234,7 @@ /* translate id into a string */ snprintf(wr->id, WINRES_ID_MAXLEN, "%d", value & ~NE_RESOURCE_NAME_IS_NUMERIC); } else { /* ASCII string id */ - int len; + unsigned char len; char *mem = (char *) NE_HEADER(fi->memory) + NE_HEADER(fi->memory)->rsrctab + value; @@ -388,6 +399,7 @@ /* falls through */ } + RETURN_IF_BAD_OFFSET(false, MZ_HEADER(fi->memory), sizeof(Win32ImageNTHeaders)); /* check for OS2 (Win16) header signature `NE' */ RETURN_IF_BAD_POINTER(false, NE_HEADER(fi->memory)->magic); if (NE_HEADER(fi->memory)->magic == IMAGE_OS2_SIGNATURE) { @@ -419,7 +431,7 @@ /* allocate new memory */ fi->total_size = calc_vma_size(fi); - if (fi->total_size == 0) { + if (fi->total_size <= 0) { /* calc_vma_size has reported error */ return false; } 
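Review bot: `RETURN_IF_BAD_PE_SECTIONS` only shows that the `optional_header` and `size_of_optional_header` fields are readable; it does not check that the address `PE_SECTIONS` derives from them, or the `number_of_sections` entries that follow, lie inside the buffer. At the call site in the last hunk only `*seg`, the first entry, is validated next to it, so the remaining entries depend on checks outside the visible hunks. The macro comment should state that limit, for example `/* Validates the header fields PE_SECTIONS() reads; the section table itself must still be range-checked by the caller. */`. If `RETURN_IF_BAD_POINTER` relies on a variable named `fi` in the caller's scope, that dependency belongs in the same comment.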
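Review bot: The two added `check_offset` calls test `&wr[0]` and `&wr[c]` against `fi->memory`, which is meaningful only if `list_resources` returns a pointer into the loaded file image. If it returns a separately allocated array (its body is not in this diff), every entry fails the check and processing stops with "premature end" on valid input. The early `return` would also skip any release of `wr` that follows the loop. Please confirm where `wr` points; if it is a private array, drop these checks and validate the file offsets where `list_resources` builds the entries. If the checks stay, the one before the loop duplicates the first iteration and can be removed.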
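Review bot: The added `RETURN_IF_BAD_OFFSET(false, MZ_HEADER(fi->memory), sizeof(Win32ImageNTHeaders));` needs a comment, because it range-checks the size of one structure at the address of another. As written it appears to guarantee only that the file is at least that long from its start, not that the header reached through `NE_HEADER(fi->memory)` on the next lines is in bounds; that one is covered solely by the `magic` field check that follows. A comment such as `/* ensure the DOS header (and its pointer to the new header) is readable; the new header itself is checked field by field below */` would make the intent reviewable. This is hedged on the macro definitions, which are not part of the diff.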
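Review bot: `fi->total_size` is overwritten with the result of `calc_vma_size(fi)` before that result is checked. On the error path (the last hunk, apparently inside that function, returns `-1` on a bad pointer) the structure is left with a non-positive size while `fi->memory` still refers to the original buffer. Any later bounds check that reads `fi->total_size` from this object would then compare against a bogus limit. Keep the value in a local until it is validated: `int vma_size = calc_vma_size(fi); if (vma_size <= 0) return false; fi->total_size = vma_size;`. The `<= 0` test is effective only if `total_size` is a signed type, which is not visible here.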
@@ -427,7 +439,8 @@ /* relocate memory, start from last section */ pe_header = PE_HEADER(fi->memory); - RETURN_IF_BAD_POINTER(false, pe_header->file_header.number_of_sections); + RETURN_IF_BAD_POINTER(false, pe_header->file_header.number_of_sections); + RETURN_IF_BAD_PE_SECTIONS(false, fi->memory); /* we don't need to do OFFSET checking for the sections. * calc_vma_size has already done that */ @@ -487,6 +500,7 @@ if (segcount == 0) return fi->total_size; + RETURN_IF_BAD_PE_SECTIONS(-1, fi->memory); seg = PE_SECTIONS(fi->memory); RETURN_IF_BAD_POINTER(-1, *seg); unblock icoutils/0.31.2-1 Thanks, -- Colin Watson [cjwat...@debian.org]