On 5/25/21 12:59 AM, akash hadke wrote: > From: "akash.hadke" <[email protected]> > > Added fix for below CVE's > > CVE-2019-5063 > CVE-2019-5064 > Link: > https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch > > Signed-off-by: akash hadke <[email protected]>
wrong ml. should be openembedded-devel@. patch noted. -armin > --- > .../opencv/CVE-2019-5063_and_2019-5064.patch | 78 > ++++++++++++++++++++++ > meta-oe/recipes-support/opencv/opencv_4.1.0.bb | 1 + > 2 files changed, 79 insertions(+) > create mode 100644 > meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch > > diff --git > a/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch > b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch > new file mode 100644 > index 0000000..b4d5e6d > --- /dev/null > +++ b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch > @@ -0,0 +1,78 @@ > +From f42d5399aac80d371b17d689851406669c9b9111 Mon Sep 17 00:00:00 2001 > +From: Alexander Alekhin <[email protected]> > +Date: Thu, 7 Nov 2019 14:01:51 +0300 > +Subject: [PATCH] core(persistence): add more checks for implementation > + limitations > + > +Signed-off-by: akash hadke <[email protected]> > +--- > + modules/core/src/persistence_json.cpp | 8 ++++++++ > + modules/core/src/persistence_xml.cpp | 6 ++++-- > + 2 files changed, 12 insertions(+), 2 deletions(-) > +--- > +CVE: CVE-2019-5063 > +CVE: CVE-2019-5064 > +Upstream-Status: Backport > [https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch] > +--- > +diff --git a/modules/core/src/persistence_json.cpp > b/modules/core/src/persistence_json.cpp > +index 89914e6534f..2efdf17d3f5 100644 > +--- a/modules/core/src/persistence_json.cpp > ++++ b/modules/core/src/persistence_json.cpp > +@@ -578,10 +578,14 @@ class JSONParser : public FileStorageParser > + sz = (int)(ptr - beg); > + if( sz > 0 ) > + { > ++ if (i + sz >= CV_FS_MAX_LEN) > ++ CV_PARSE_ERROR_CPP("string is too > long"); > + memcpy(buf + i, beg, sz); > + i += sz; > + } > + ptr++; > ++ if (i + 1 >= CV_FS_MAX_LEN) > ++ CV_PARSE_ERROR_CPP("string is too long"); > + switch ( *ptr ) > + { > + case '\\': > +@@ -605,6 +609,8 @@ class JSONParser : public FileStorageParser > + sz = (int)(ptr - beg); > + if( sz > 0 ) > + { > ++ if (i + sz >= CV_FS_MAX_LEN) > ++ CV_PARSE_ERROR_CPP("string is too > long"); > + memcpy(buf + i, beg, sz); > + i += sz; > + } > +@@ -620,6 +626,8 @@ class JSONParser : public FileStorageParser > + sz = (int)(ptr - beg); > + if( sz > 0 ) > + { > ++ if (i + sz >= CV_FS_MAX_LEN) > ++ CV_PARSE_ERROR_CPP("string is too > long"); > + memcpy(buf + i, beg, sz); > + i += sz; > + } > +diff --git a/modules/core/src/persistence_xml.cpp > b/modules/core/src/persistence_xml.cpp > +index 89876dd3da8..52b53744254 100644 > +--- a/modules/core/src/persistence_xml.cpp > ++++ b/modules/core/src/persistence_xml.cpp > +@@ -627,6 +627,8 @@ class XMLParser : public FileStorageParser > + c = '\"'; > + else > + { > ++ if (len + 2 + i >= CV_FS_MAX_LEN) > ++ CV_PARSE_ERROR_CPP("string is > too long"); > + memcpy( strbuf + i, ptr-1, len + 2 > ); > + i += len + 2; > + } > +@@ -635,9 +637,9 @@ class XMLParser : public FileStorageParser > + > CV_PERSISTENCE_CHECK_END_OF_BUFFER_BUG_CPP(); > + } > + } > ++ if (i + 1 >= CV_FS_MAX_LEN) > ++ CV_PARSE_ERROR_CPP("Too long string literal"); > + strbuf[i++] = c; > +- if( i >= CV_FS_MAX_LEN ) > +- CV_PARSE_ERROR_CPP( "Too long string literal" ); > + } > + elem->setValue(FileNode::STRING, strbuf, i); > + } > diff --git a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb > b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb > index de708fd..19d5d0c 100644 > --- a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb > +++ b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb > @@ -54,6 +54,7 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \ > file://CVE-2019-14493.patch \ > file://CVE-2019-15939.patch \ > file://CVE-2019-19624.patch \ > + file://CVE-2019-5063_and_2019-5064.patch \ > " > PV = "4.1.0" > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152220): https://lists.openembedded.org/g/openembedded-core/message/152220 Mute This Topic: https://lists.openembedded.org/mt/83071295/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
