Hello community,

here is the log from the commit of package freexl for openSUSE:Factory checked 
in at 2017-09-13 22:37:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/freexl (Old)
 and      /work/SRC/openSUSE:Factory/.freexl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "freexl"

Wed Sep 13 22:37:30 2017 rev:6 rq:524234 version:1.0.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/freexl/freexl.changes    2016-07-01 
09:59:48.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.freexl.new/freexl.changes       2017-09-13 
22:37:42.381342107 +0200
@@ -1,0 +2,9 @@
+Wed Sep 13 08:12:07 UTC 2017 - mplus...@suse.com
+
+- Update to version 1.0.4:
+  * No chagelog provided by upstream
+  * CVE-2017-2924 (boo#1058433) from 1.0.3 is fixed
+  * CVE-2017-2923 (boo#1058431) from 1.0.3 is fixed
+- Small packaging cleanup
+
+-------------------------------------------------------------------

Old:
----
  freexl-1.0.2.tar.gz

New:
----
  freexl-1.0.4.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ freexl.spec ++++++
--- /var/tmp/diff_new_pack.QCdMeq/_old  2017-09-13 22:37:45.064964259 +0200
+++ /var/tmp/diff_new_pack.QCdMeq/_new  2017-09-13 22:37:45.068963696 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package freexl
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,19 +16,19 @@
 #
 
 
-%define libname lib%{name}1
+%define sover   1
+%define libname lib%{name}%{sover}
 Name:           freexl
-Version:        1.0.2
+Version:        1.0.4
 Release:        0
 Summary:        Library to extract valid data from within an Excel
-License:        MPL-1.1 or GPL-2.0+ or LGPL-2.1+
+License:        MPL-1.1 OR GPL-2.0+ OR LGPL-2.1+
 Group:          Development/Libraries/C and C++
 Url:            https://www.gaia-gis.it/fossil/freexl/index
 Source:         http://www.gaia-gis.it/gaia-sins/%{name}-%{version}.tar.gz
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  pkgconfig
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
 FreeXL is an open source library to extract valid data from within an Excel
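Review bot: The `Source:` line still fetches the tarball over plain `http://` although the `Url:` line just above it already uses `https://`, and nothing visible in the spec verifies the archive. Since this update exists to pick up two CVE fixes, the integrity of the new tarball matters. If the upstream host serves the file over TLS, prefer `Source: https://www.gaia-gis.it/gaia-sins/%{name}-%{version}.tar.gz`, and if upstream publishes a checksum or signature, add it as an additional source.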
@@ -65,19 +65,17 @@
 make check %{?_smp_mflags}
 
 %install
-make %{?_smp_mflags} DESTDIR=%{buildroot} install
+%make_install
 find %{buildroot} -type f -name "*.la" -delete -print
 
 %post -n %{libname} -p /sbin/ldconfig
 %postun -n %{libname} -p /sbin/ldconfig
 
 %files -n lib%{name}1
-%defattr(-,root,root,-)
 %doc AUTHORS COPYING README
-%{_libdir}/libfreexl.so.*
+%{_libdir}/libfreexl.so.%{sover}*
 
 %files devel
-%defattr(-,root,root,-)
 %doc AUTHORS COPYING README
 %{_includedir}/freexl.h
 %{_libdir}/libfreexl.so
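Review bot: The `%files -n lib%{name}1` header keeps the soname hard-coded while the rest of the spec now goes through the new macros (`%post -n %{libname}`, `%{_libdir}/libfreexl.so.%{sover}*`). A later soname bump would change `%{sover}` and leave this section naming a subpackage that no longer matches. Writing it as `%files -n %{libname}` keeps the three places in step.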

++++++ freexl-1.0.2.tar.gz -> freexl-1.0.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/freexl-1.0.2/Makefile.in new/freexl-1.0.4/Makefile.in
--- old/freexl-1.0.2/Makefile.in        2015-07-14 09:45:23.000000000 +0200
+++ new/freexl-1.0.4/Makefile.in        2017-09-07 22:07:02.000000000 +0200
@@ -624,7 +624,7 @@
          ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
        || chmod -R a+r "$(distdir)"
 dist-gzip: distdir
-       tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c 
>$(distdir).tar.gz
+       tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c 
>$(distdir).tar.gz
        $(am__post_remove_distdir)
 
 dist-bzip2: distdir
@@ -650,7 +650,7 @@
        @echo WARNING: "Support for shar distribution archives is" \
                       "deprecated." >&2
        @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
-       shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+       shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
        $(am__post_remove_distdir)
 dist-zip: distdir
        -rm -f $(distdir).zip
@@ -667,7 +667,7 @@
 distcheck: dist
        case '$(DIST_ARCHIVES)' in \
        *.tar.gz*) \
-         GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+         eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
        *.tar.bz2*) \
          bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
        *.tar.lz*) \
@@ -677,7 +677,7 @@
        *.tar.Z*) \
          uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
        *.shar.gz*) \
-         GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+         eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
        *.zip*) \
          unzip $(distdir).zip ;;\
        esac
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/freexl-1.0.2/config-msvc.h 
new/freexl-1.0.4/config-msvc.h
--- old/freexl-1.0.2/config-msvc.h      2015-07-14 09:45:23.000000000 +0200
+++ new/freexl-1.0.4/config-msvc.h      2017-09-07 22:07:02.000000000 +0200
@@ -86,7 +86,7 @@
 #define PACKAGE_NAME "FreeXL"
 
 /* Define to the full name and version of this package. */
-#define PACKAGE_STRING "FreeXL 1.0.1"
+#define PACKAGE_STRING "FreeXL 1.0.4"
 
 /* Define to the one symbol short name of this package. */
 #define PACKAGE_TARNAME "freexl"
@@ -95,7 +95,7 @@
 #define PACKAGE_URL ""
 
 /* Define to the version of this package. */
-#define PACKAGE_VERSION "1.0.0e"
+#define PACKAGE_VERSION "1.0.4"
 
 /* Define to 1 if you have the ANSI C header files. */
 #define STDC_HEADERS 1
@@ -107,7 +107,7 @@
 /* #undef TM_IN_SYS_TIME */
 
 /* Version number of package */
-#define VERSION "1.0.1"
+#define VERSION "1.0.4"
 
 /* Define to empty if `const' does not conform to ANSI C. */
 /* #undef const */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/freexl-1.0.2/configure new/freexl-1.0.4/configure
--- old/freexl-1.0.2/configure  2015-07-14 09:45:23.000000000 +0200
+++ new/freexl-1.0.4/configure  2017-09-07 22:07:02.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for FreeXL 1.0.2.
+# Generated by GNU Autoconf 2.69 for FreeXL 1.0.4.
 #
 # Report bugs to <a.furi...@lqt.it>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='FreeXL'
 PACKAGE_TARNAME='freexl'
-PACKAGE_VERSION='1.0.2'
-PACKAGE_STRING='FreeXL 1.0.2'
+PACKAGE_VERSION='1.0.4'
+PACKAGE_STRING='FreeXL 1.0.4'
 PACKAGE_BUGREPORT='a.furi...@lqt.it'
 PACKAGE_URL=''
 
@@ -1326,7 +1326,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures FreeXL 1.0.2 to adapt to many kinds of systems.
+\`configure' configures FreeXL 1.0.4 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1396,7 +1396,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of FreeXL 1.0.2:";;
+     short | recursive ) echo "Configuration of FreeXL 1.0.4:";;
    esac
   cat <<\_ACEOF
 
@@ -1508,7 +1508,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-FreeXL configure 1.0.2
+FreeXL configure 1.0.4
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2052,7 +2052,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by FreeXL $as_me 1.0.2, which was
+It was created by FreeXL $as_me 1.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2923,7 +2923,7 @@
 
 # Define the identity of the package.
  PACKAGE='freexl'
- VERSION='1.0.2'
+ VERSION='1.0.4'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -17813,7 +17813,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by FreeXL $as_me 1.0.2, which was
+This file was extended by FreeXL $as_me 1.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -17879,7 +17879,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-FreeXL config.status 1.0.2
+FreeXL config.status 1.0.4
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/freexl-1.0.2/configure.ac 
new/freexl-1.0.4/configure.ac
--- old/freexl-1.0.2/configure.ac       2015-07-14 09:45:23.000000000 +0200
+++ new/freexl-1.0.4/configure.ac       2017-09-07 22:07:02.000000000 +0200
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT(FreeXL, 1.0.2, a.furi...@lqt.it)
+AC_INIT(FreeXL, 1.0.4, a.furi...@lqt.it)
 AC_LANG(C)
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_MACRO_DIR([m4])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/freexl-1.0.2/headers/freexl_internals.h 
new/freexl-1.0.4/headers/freexl_internals.h
--- old/freexl-1.0.2/headers/freexl_internals.h 2015-07-14 09:45:23.000000000 
+0200
+++ new/freexl-1.0.4/headers/freexl_internals.h 2017-09-07 22:07:02.000000000 
+0200
@@ -171,6 +171,7 @@
     unsigned int current_utf16_len;    /* current UTF-16 length */
     unsigned int current_utf16_off;    /* current UTF-16 offset */
     unsigned int current_utf16_skip;   /* bytes to be skipped after the 
current string */
+    unsigned int next_utf16_skip;      /* remaining bytes to be skipped in the 
next record */
 } biff_string_table;
 
 typedef struct biff_cell_value_struct
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/freexl-1.0.2/src/freexl.c 
new/freexl-1.0.4/src/freexl.c
--- old/freexl-1.0.2/src/freexl.c       2015-07-14 09:45:23.000000000 +0200
+++ new/freexl-1.0.4/src/freexl.c       2017-09-07 22:07:02.000000000 +0200
@@ -339,15 +339,7 @@
        *real_utf16 = 1;
     else
        *real_utf16 = 0;
-    if ((mask & 0x04) == 0x04)
-      {
-         /* optional field: 32-bits */
-         memcpy (word32.bytes, p_string, 2);
-         if (swap)
-             swap32 (&word32);
-         skip_1 = word32.value;
-         p_string += 4;
-      }
+
     if ((mask & 0x08) == 0x08)
       {
          /* optional field 16-bits */
@@ -357,6 +349,15 @@
          skip_2 = word16.value;
          p_string += 2;
       }
+    if ((mask & 0x04) == 0x04)
+      {
+         /* optional field: 32-bits */
+         memcpy (word32.bytes, p_string, 4);
+         if (swap)
+             swap32 (&word32);
+         skip_1 = word32.value;
+         p_string += 4;
+      }
     *start_offset = p_string - addr;
     *extra_skip = skip_1 + (skip_2 * 4);
 }
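Review bot: Neither optional-field read checks that enough bytes remain behind `p_string` before its `memcpy`, and no length is consulted anywhere in the visible part of the function. The signature is outside the hunk, so if no record length is passed in, one would have to be added and compared before each read. Separately, `*extra_skip = skip_1 + (skip_2 * 4)` is built from two file-supplied fields and can wrap if both are unsigned int. Other hunks in this diff add the stored skip to `p_string`, so a comment such as `/* extra_skip comes from the file: callers must bound it against record_size */` would at least record the contract.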
@@ -951,6 +952,21 @@
     return FREEXL_OK;
 }
 
+static size_t
+xls_fread (size_t bufsz, void *buf, size_t size, size_t nmemb, FILE * fl)
+{
+/* 
+/ Sandro 2017-09-07
+/ secure version of "fread" checking against buffer overflows 
+/---------------------------
+/ expected to fix the issue reported by
+/ Cisco [TALOS-2017-431]
+*/
+    if ((size * nmemb) > bufsz)
+       return 0;
+    return fread (buf, size, nmemb, fl);
+}
+
 static fat_chain *
 alloc_fat_chain (int swap, unsigned short sector_shift,
                 unsigned int directory_start)
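Review bot: The guard `(size * nmemb) > bufsz` in xls_fread multiplies before comparing, so a product that wraps around size_t would pass the check. Every call site visible in this diff passes `size` as 1, so this is not reachable today, but a helper documented as the secure fread should not depend on that. `if (size != 0 && nmemb > bufsz / size) return 0;` avoids the multiplication. The header comment could also say that a return of 0 covers both a rejected size and a failed read, since callers only compare against the expected count.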
@@ -1228,6 +1244,7 @@
     workbook->shared_strings.current_utf16_len = 0;
     workbook->shared_strings.current_utf16_off = 0;
     workbook->shared_strings.current_utf16_skip = 0;
+    workbook->shared_strings.next_utf16_skip = 0;
     workbook->first_sheet = NULL;
     workbook->last_sheet = NULL;
     workbook->active_sheet = NULL;
@@ -1393,7 +1410,8 @@
        max_fat = 128;
 
 /* reading a FAT sector */
-    if (fread (buf, 1, chain->sector_size, xls) != chain->sector_size)
+    if (xls_fread (sizeof (buf), buf, 1, chain->sector_size, xls) !=
+       chain->sector_size)
        return FREEXL_CFBF_READ_ERROR;
 
     for (i_fat = 0; i_fat < max_fat; i_fat++)
@@ -1435,7 +1453,8 @@
          if (fseek (xls, where, SEEK_SET) != 0)
              return FREEXL_CFBF_SEEK_ERROR;
          /* reading a DIFAT sector */
-         if (fread (&difat, 1, chain->sector_size, xls) != chain->sector_size)
+         if (xls_fread (sizeof (difat), &difat, 1, chain->sector_size, xls) !=
+             chain->sector_size)
              return FREEXL_CFBF_READ_ERROR;
          blocks++;
          if (chain->swap)
@@ -1496,7 +1515,8 @@
          unsigned char *p_buf = buf;
          block++;
          /* reading a miniFAT sector */
-         if (fread (&buf, 1, chain->sector_size, xls) != chain->sector_size)
+         if (xls_fread (sizeof (buf), &buf, 1, chain->sector_size, xls) !=
+             chain->sector_size)
              return FREEXL_CFBF_READ_ERROR;
          for (i_fat = 0; i_fat < max_fat; i_fat++)
            {
@@ -1524,7 +1544,7 @@
     int ret;
     unsigned char *p_fat = header.fat_sector_map;
 
-    if (fread (&header, 1, 512, workbook->xls) != 512)
+    if (xls_fread (sizeof (header), &header, 1, 512, workbook->xls) != 512)
       {
          *err_code = FREEXL_CFBF_READ_ERROR;
          return NULL;
@@ -1670,8 +1690,9 @@
                *errcode = FREEXL_CFBF_SEEK_ERROR;
                return 0;
            }
-         if (fread (buf, 1, workbook->fat->sector_size, workbook->xls) !=
-             workbook->fat->sector_size)
+         if (xls_fread
+             (sizeof (buf), buf, 1, workbook->fat->sector_size,
+              workbook->xls) != workbook->fat->sector_size)
            {
                *errcode = FREEXL_CFBF_READ_ERROR;
                return 0;
@@ -1758,6 +1779,7 @@
          unsigned int len;
          int utf16 = 0;
          int err;
+         unsigned int next_skip;
          unsigned int utf16_len = workbook->shared_strings.current_utf16_len;
          unsigned int utf16_off = workbook->shared_strings.current_utf16_off;
          unsigned int utf16_skip = workbook->shared_strings.current_utf16_skip;
@@ -1795,6 +1817,11 @@
 
                /* skipping extra data (if any) */
                p_string += utf16_skip;
+               if (p_string - workbook->record >= workbook->record_size)
+                   next_skip =
+                       (p_string - workbook->record) - workbook->record_size;
+               else
+                   next_skip = 0;
 
                /* converting text to UTF-8 */
                utf8_string =
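Review bot: `p_string += utf16_skip;` advances the pointer by a file-derived amount before the new test runs, so when the skip runs past the record the code has already formed a pointer outside `workbook->record`, which C leaves undefined. The comparison `p_string - workbook->record >= workbook->record_size` also mixes a signed pointer difference with what appears to be an unsigned size, whereas the existing check in a later hunk casts to `(unsigned int)` first. Computing the offset as an integer before advancing, e.g. `off = (unsigned int) (p_string - workbook->record) + utf16_skip;`, and deriving `next_skip` from `off`, avoids both. The same pattern is added in the hunk at -1890,6 +1923,10, and the enclosing function starts and ends outside this hunk.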
@@ -1808,7 +1835,8 @@
                workbook->shared_strings.current_utf16_buf = NULL;
                workbook->shared_strings.current_utf16_len = 0;
                workbook->shared_strings.current_utf16_off = 0;
-               workbook->shared_strings.current_utf16_skip = 0;
+               workbook->shared_strings.current_utf16_skip = next_skip;
+               workbook->shared_strings.next_utf16_skip = 0;
                workbook->shared_strings.current_index += 1;
            }
       }
@@ -1823,6 +1851,7 @@
          biff_word16 word16;
          unsigned int start_offset;
          unsigned int extra_skip;
+         unsigned int next_skip;
 
          if ((unsigned int) (p_string - workbook->record) >=
              workbook->record_size)
@@ -1831,6 +1860,9 @@
                return FREEXL_OK;
            }
 
+         /* skipping extra bytes belonging to the previous record */
+         p_string += workbook->shared_strings.next_utf16_skip;
+
          memcpy (word16.bytes, p_string, 2);
          if (swap)
              swap16 (&word16);
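Review bot: The added `p_string += workbook->shared_strings.next_utf16_skip;` is followed directly by `memcpy (word16.bytes, p_string, 2);`, with no test between them that the pointer is still inside the record. The only bounds test nearby closes just above the added lines (its condition is in the preceding hunk), so it runs before the skip is applied. If the carried-over skip exceeds what is left in this record, the copy reads past the data that was loaded. Re-testing after the skip, for example `if ((unsigned int) (p_string - workbook->record) + 2 > workbook->record_size)`, and carrying the remainder forward instead of reading would close that gap. The enclosing block continues outside the hunk.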
@@ -1843,6 +1875,7 @@
 
          /* initializing the current UTF-16 variables */
          workbook->shared_strings.current_utf16_skip = extra_skip;
+         workbook->shared_strings.next_utf16_skip = 0;
          workbook->shared_strings.current_utf16_off = 0;
          workbook->shared_strings.current_utf16_len = len;
          workbook->shared_strings.current_utf16_buf =
@@ -1890,6 +1923,10 @@
              p_string += len * 2;
          /* skipping extra data (if any) */
          p_string += workbook->shared_strings.current_utf16_skip;
+         if (p_string - workbook->record >= workbook->record_size)
+             next_skip = (p_string - workbook->record) - workbook->record_size;
+         else
+             next_skip = 0;
 
          *(workbook->shared_strings.utf8_strings + i_string) = utf8_string;
          free (workbook->shared_strings.current_utf16_buf);
@@ -1897,6 +1934,7 @@
          workbook->shared_strings.current_utf16_len = 0;
          workbook->shared_strings.current_utf16_off = 0;
          workbook->shared_strings.current_utf16_skip = 0;
+         workbook->shared_strings.next_utf16_skip = next_skip;
          workbook->shared_strings.current_index = i_string + 1;
       }
 
@@ -2003,7 +2041,7 @@
          /* looping on BIFF records */
          if (!first)
            {
-               if (fread (&buf, 1, 4, workbook->xls) != 4)
+               if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4)
                    return 0;
                memcpy (record_type.bytes, buf, 2);
                memcpy (record_size.bytes, buf + 2, 2);
@@ -2029,9 +2067,9 @@
                /* INTEGER marker found */
                biff_word16 word16;
 
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record, 2);
@@ -2056,9 +2094,9 @@
                /* NUMBER marker found */
                biff_word16 word16;
 
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record, 2);
@@ -2083,9 +2121,9 @@
                /* BOOLERR marker found */
                biff_word16 word16;
 
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record, 2);
@@ -2108,9 +2146,9 @@
                /* RK marker found */
                biff_word16 word16;
 
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record, 2);
@@ -2135,9 +2173,9 @@
                /* LABEL marker found */
                biff_word16 word16;
 
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record, 2);
@@ -2214,7 +2252,7 @@
 
 /* attempting to get the main BOF */
     rewind (workbook->xls);
-    if (fread (&buf, 1, 4, workbook->xls) != 4)
+    if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4)
        return 0;
     memcpy (record_type.bytes, buf, 2);
     memcpy (record_size.bytes, buf + 2, 2);
@@ -2250,7 +2288,7 @@
       {
          /* looping on BIFF records */
 
-         if (fread (&buf, 1, 4, workbook->xls) != 4)
+         if (xls_fread (sizeof (buf), &buf, 1, 4, workbook->xls) != 4)
              return 0;
          memcpy (record_type.bytes, buf, 2);
          memcpy (record_size.bytes, buf + 2, 2);
@@ -2263,7 +2301,7 @@
 
          if (record_type.value == BIFF_SHEETSOFFSET)
            {
-/* unsupported BIFF4W format */
+               /* unsupported BIFF4W format */
                return 0;
            }
 
@@ -2276,9 +2314,9 @@
          if (record_type.value == BIFF_CODEPAGE)
            {
                /* CODEPAGE marker found */
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
                memcpy (word16.bytes, workbook->record, 2);
                if (swap)
@@ -2294,9 +2332,9 @@
          if (record_type.value == BIFF_DATEMODE)
            {
                /* DATEMODE marker found */
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
                memcpy (word16.bytes, workbook->record, 2);
                if (swap)
@@ -2328,9 +2366,9 @@
                int is_date = 0;
                int is_datetime = 0;
                int is_time = 0;
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                if (workbook->biff_version == FREEXL_BIFF_VER_2
@@ -2395,10 +2433,10 @@
            {
                /* XF [Extended Format] marker found */
                unsigned char format;
-               unsigned short s_format;
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               unsigned short s_format = 0;
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
                switch (workbook->biff_version)
                  {
@@ -2428,9 +2466,9 @@
                unsigned int rows;
                unsigned short columns;
                char *utf8_name;
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record + 2, 2);
@@ -2478,9 +2516,9 @@
                    (workbook, swap, record_type.value, record_size.value))
                    return 0;
 
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record, 2);
@@ -2546,9 +2584,9 @@
                    (workbook, swap, record_type.value, record_size.value))
                    return 0;
 
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record, 2);
@@ -2625,9 +2663,9 @@
                    (workbook, swap, record_type.value, record_size.value))
                    return 0;
 
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record, 2);
@@ -2678,9 +2716,9 @@
                    (workbook, swap, record_type.value, record_size.value))
                    return 0;
 
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record, 2);
@@ -2779,9 +2817,9 @@
                    (workbook, swap, record_type.value, record_size.value))
                    return 0;
 
-               if (fread
-                   (workbook->record, 1, record_size.value,
-                    workbook->xls) != record_size.value)
+               if (xls_fread
+                   (sizeof (workbook->record), workbook->record, 1,
+                    record_size.value, workbook->xls) != record_size.value)
                    return 0;
 
                memcpy (word16.bytes, workbook->record, 2);
@@ -3209,7 +3247,7 @@
            || workbook->biff_version == FREEXL_BIFF_VER_8))
       {
          /* XF [Extended Format] marker found */
-         unsigned short s_format;
+         unsigned short s_format = 0;
          biff_word16 word16;
          if (workbook->second_pass)
              return FREEXL_OK;
@@ -3646,8 +3684,9 @@
     long where = (workbook->current_sector + 1) * workbook->fat->sector_size;
     if (fseek (workbook->xls, where, SEEK_SET) != 0)
        return FREEXL_CFBF_SEEK_ERROR;
-    if (fread (buf, 1, workbook->fat->sector_size, workbook->xls) !=
-       workbook->fat->sector_size)
+    if (xls_fread
+       (sizeof (biff_workbook), buf, 1, workbook->fat->sector_size,
+        workbook->xls) != workbook->fat->sector_size)
        return FREEXL_CFBF_READ_ERROR;
     return FREEXL_OK;
 }
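Review bot: This call passes `sizeof (biff_workbook)` as the buffer size, which is the size of the whole workbook structure rather than of whatever `buf` points to, so the check inside xls_fread only holds if `buf` has at least that many bytes. The declaration of `buf` is outside the hunk. If it is a pointer parameter, which would explain why `sizeof (buf)` was not used here as it is elsewhere, the function should receive the real capacity from its caller. If callers always pass the workbook's record array, `sizeof (workbook->record)` states the bound directly. A one-line comment naming the buffer the bound refers to would help the next reader.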
@@ -3769,6 +3808,14 @@
     if (record_type.value == 0x0000 && record_size.value == 0)
        return -1;
 
+/*
+/ Sandro 2017-09-07
+/ fixing a security issue reported by
+/ Cisco [TALOS-2017-430]
+*/
+    if (record_size.value > sizeof (workbook->record))
+       return -1;
+
 /* saving the current record */
     workbook->record_type = record_type.value;
     workbook->record_size = record_size.value;
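Review bot: The new size check returns -1, the same value the statement just above returns for the zero-type, zero-size record, so a record whose declared size exceeds `workbook->record` cannot be told apart from that case. Callers are outside the hunk, but if they treat -1 as a normal stop, a malformed file is accepted as a shorter valid one instead of being reported. Returning a distinct error value, or at least stating the choice in the comment (`/* oversized record: handled like the empty record above */`), would make the behaviour explicit. The check also relies on `workbook->record` being an array member so that `sizeof` yields its capacity, and that declaration is not visible here.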
@@ -3948,8 +3995,9 @@
     if (fseek (workbook->xls, where, SEEK_SET) != 0)
        return FREEXL_CFBF_SEEK_ERROR;
 /* reading a FAT Directory block [sector] */
-    if (fread (dir_block, 1, workbook->fat->sector_size, workbook->xls) !=
-       workbook->fat->sector_size)
+    if (xls_fread
+       (sizeof (dir_block), dir_block, 1, workbook->fat->sector_size,
+        workbook->xls) != workbook->fat->sector_size)
        return FREEXL_CFBF_READ_ERROR;
     workbook_start = 0xFFFFFFFF;
     for (i_entry = 0; i_entry < max_entries; i_entry++)

