Package: liblcms2 Version: 2.6-3 Severity: normal Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: toolchain randomness
Hi!
When writing named colors, liblcms2 currently writes uninitialized memory
when the prefix, suffix, or root color name strings are not
32-characters long (including the NULL terminator). This prevents colord
from building reproducibly.
The attached patch will zero the memory before copying the profile
strings to ensure a consistent output.
--
Lunar .''`.
lu...@debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
diff -Nru lcms2-2.6/debian/patches/dont-write-uninitialized-memory-for-color-strings.patch lcms2-2.6/debian/patches/dont-write-uninitialized-memory-for-color-strings.patch
--- lcms2-2.6/debian/patches/dont-write-uninitialized-memory-for-color-strings.patch 1970-01-01 01:00:00.000000000 +0100
+++ lcms2-2.6/debian/patches/dont-write-uninitialized-memory-for-color-strings.patch 2016-02-20 12:43:36.000000000 +0100
@@ -0,0 +1,59 @@
+Description: Zero named color strings before writing them
+ For each named colors (namedColor2Type) a prefix, a suffix and the
+ color root name get written. These three strings are 32-characters long.
+ In order to avoid capturing unitialized memory—which is not good for
+ privacy and prevent getting the same bytes for the same profile—the
+ placeholder allocated on the stack are zero'ed before a copy of the
+ actual string is made.
+ .
+ For consistency, we also remove unneeded extra allocated bytes in
+ Type_ColorantTable_Write() and Type_NamedColor_Write().
+Author: Jérémy Bobbio <lu...@debian.org>
+
+diff --git a/src/cmstypes.c b/src/cmstypes.c
+index 60c09ef..0afec90 100644
+--- a/src/cmstypes.c
++++ b/src/cmstypes.c
+@@ -3013,9 +3013,10 @@ cmsBool Type_ColorantTable_Write(struct _cms_typehandler_struct* self, cmsIOHAN
+
+ for (i=0; i < nColors; i++) {
+
+- char root[33];
++ char root[32];
+ cmsUInt16Number PCS[3];
+
++ memset(root, 0, 32); /* Ensure we don't write uninitialized memory. */
+ if (!cmsNamedColorInfo(NamedColorList, i, root, NULL, NULL, PCS, NULL)) return 0;
+ root[32] = 0;
+
+@@ -3138,11 +3139,13 @@ cmsBool Type_NamedColor_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER
+ if (!_cmsWriteUInt32Number(io, 0)) return FALSE;
+ if (!_cmsWriteUInt32Number(io, nColors)) return FALSE;
+ if (!_cmsWriteUInt32Number(io, NamedColorList ->ColorantCount)) return FALSE;
++ /* Ensure we don't write unitialized memory. */
++ memset(prefix, 0, 32);
++ memset(suffix, 0, 32);
+
+- strncpy(prefix, (const char*) NamedColorList->Prefix, 32);
+- strncpy(suffix, (const char*) NamedColorList->Suffix, 32);
+-
+- suffix[31] = prefix[31] = 0;
++ /* Only copy 31 characters to ensure strings will be NULL-terminated */
++ strncpy(prefix, (const char*) NamedColorList->Prefix, 31);
++ strncpy(suffix, (const char*) NamedColorList->Suffix, 31);
+
+ if (!io ->Write(io, 32, prefix)) return FALSE;
+ if (!io ->Write(io, 32, suffix)) return FALSE;
+@@ -3151,9 +3154,11 @@ cmsBool Type_NamedColor_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER
+
+ cmsUInt16Number PCS[3];
+ cmsUInt16Number Colorant[cmsMAXCHANNELS];
+- char Root[33];
++ char Root[32];
+
++ /* Ensure we don't write unitialized memory. */
++ memset(Root, 0, 32);
+ if (!cmsNamedColorInfo(NamedColorList, i, Root, NULL, NULL, PCS, Colorant)) return 0;
+ if (!io ->Write(io, 32 , Root)) return FALSE;
+ if (!_cmsWriteUInt16Array(io, 3, PCS)) return FALSE;
+ if (!_cmsWriteUInt16Array(io, NamedColorList ->ColorantCount, Colorant)) return FALSE;
diff -Nru lcms2-2.6/debian/patches/series lcms2-2.6/debian/patches/series
--- lcms2-2.6/debian/patches/series 2014-06-16 17:15:31.000000000 +0200
+++ lcms2-2.6/debian/patches/series 2016-02-20 12:42:05.000000000 +0100
@@ -4,3 +4,4 @@
sanity-check-profiles-CVE-2014-0459.patch
fix-unaligned-access.patch
endianness-verification-fix-powerpc.patch
+dont-write-uninitialized-memory-for-color-strings.patch
signature.asc
Description: Digital signature
_______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
