From: "akash.hadke" <[email protected]> Added fix for below CVE's
CVE-2019-5063 CVE-2019-5064 Link: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch Signed-off-by: akash hadke <[email protected]> --- .../opencv/CVE-2019-5063_and_2019-5064.patch | 78 ++++++++++++++++++++++ meta-oe/recipes-support/opencv/opencv_4.1.0.bb | 1 + 2 files changed, 79 insertions(+) create mode 100644 meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch new file mode 100644 index 0000000..b4d5e6d --- /dev/null +++ b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch @@ -0,0 +1,78 @@ +From f42d5399aac80d371b17d689851406669c9b9111 Mon Sep 17 00:00:00 2001 +From: Alexander Alekhin <[email protected]> +Date: Thu, 7 Nov 2019 14:01:51 +0300 +Subject: [PATCH] core(persistence): add more checks for implementation + limitations + +Signed-off-by: akash hadke <[email protected]> +--- + modules/core/src/persistence_json.cpp | 8 ++++++++ + modules/core/src/persistence_xml.cpp | 6 ++++-- + 2 files changed, 12 insertions(+), 2 deletions(-) +--- +CVE: CVE-2019-5063 +CVE: CVE-2019-5064 +Upstream-Status: Backport [https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch] +--- +diff --git a/modules/core/src/persistence_json.cpp b/modules/core/src/persistence_json.cpp +index 89914e6534f..2efdf17d3f5 100644 +--- a/modules/core/src/persistence_json.cpp ++++ b/modules/core/src/persistence_json.cpp +@@ -578,10 +578,14 @@ class JSONParser : public FileStorageParser + sz = (int)(ptr - beg); + if( sz > 0 ) + { ++ if (i + sz >= CV_FS_MAX_LEN) ++ CV_PARSE_ERROR_CPP("string is too long"); + memcpy(buf + i, beg, sz); + i += sz; + } + ptr++; ++ if (i + 1 >= CV_FS_MAX_LEN) ++ CV_PARSE_ERROR_CPP("string is too long"); + switch ( *ptr ) + { + case '\\': +@@ -605,6 +609,8 @@ class JSONParser : public FileStorageParser + sz = (int)(ptr - beg); + if( sz > 0 ) + { ++ if (i + sz >= CV_FS_MAX_LEN) ++ CV_PARSE_ERROR_CPP("string is too long"); + memcpy(buf + i, beg, sz); + i += sz; + } +@@ -620,6 +626,8 @@ class JSONParser : public FileStorageParser + sz = (int)(ptr - beg); + if( sz > 0 ) + { ++ if (i + sz >= CV_FS_MAX_LEN) ++ CV_PARSE_ERROR_CPP("string is too long"); + memcpy(buf + i, beg, sz); + i += sz; + } +diff --git a/modules/core/src/persistence_xml.cpp b/modules/core/src/persistence_xml.cpp +index 89876dd3da8..52b53744254 100644 +--- a/modules/core/src/persistence_xml.cpp ++++ b/modules/core/src/persistence_xml.cpp +@@ -627,6 +627,8 @@ class XMLParser : public FileStorageParser + c = '\"'; + else + { ++ if (len + 2 + i >= CV_FS_MAX_LEN) ++ CV_PARSE_ERROR_CPP("string is too long"); + memcpy( strbuf + i, ptr-1, len + 2 ); + i += len + 2; + } +@@ -635,9 +637,9 @@ class XMLParser : public FileStorageParser + CV_PERSISTENCE_CHECK_END_OF_BUFFER_BUG_CPP(); + } + } ++ if (i + 1 >= CV_FS_MAX_LEN) ++ CV_PARSE_ERROR_CPP("Too long string literal"); + strbuf[i++] = c; +- if( i >= CV_FS_MAX_LEN ) +- CV_PARSE_ERROR_CPP( "Too long string literal" ); + } + elem->setValue(FileNode::STRING, strbuf, i); + } diff --git a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb index de708fd..19d5d0c 100644 --- a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb +++ b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb @@ -54,6 +54,7 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \ file://CVE-2019-14493.patch \ file://CVE-2019-15939.patch \ file://CVE-2019-19624.patch \ + file://CVE-2019-5063_and_2019-5064.patch \ " PV = "4.1.0" -- 2.7.4
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152202): https://lists.openembedded.org/g/openembedded-core/message/152202 Mute This Topic: https://lists.openembedded.org/mt/83071295/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
