Bug#1018814: marked as done (exif: update for null ptr fixes)

Debian Bug Tracking System Mon, 05 Sep 2022 18:39:11 -0700

Your message dated Tue, 06 Sep 2022 01:34:28 +0000
with message-id <[email protected]>
and subject line Bug#1018814: fixed in exif 0.6.22-3
has caused the Debian Bug report #1018814,
regarding exif: update for null ptr fixes
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1018814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018814
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: exif
Severity: wishlist

I have prepared an update for exif package to address two null pointer issues,
changes have been submitted as an MR on salsa, also see the debdiff in
attachement.

Regards,
Aron Xu

diff -Nru exif-0.6.22/debian/changelog exif-0.6.22/debian/changelog
--- exif-0.6.22/debian/changelog        2020-07-09 10:58:17.000000000 +0000
+++ exif-0.6.22/debian/changelog        2022-08-31 07:35:27.000000000 +0000
@@ -1,3 +1,11 @@
+exif (0.6.22-3) unstable; urgency=medium
+
+  * Add patch for NULL Pointer Deference when printing out XML formatted
+    EXIF data (CVE-2021-27815)
+  * Add patch for NullPointer in strncpy() in Action.c
+
+ -- Aron Xu <[email protected]>  Wed, 31 Aug 2022 07:35:27 +0000
+
 exif (0.6.22-2) unstable; urgency=medium
 
   * Add upstream patch to fix test failures on big endian systems
diff -Nru 
exif-0.6.22/debian/patches/0001-added-empty-strign-check-which-would-lead-to-NULL-pt.patch
 
exif-0.6.22/debian/patches/0001-added-empty-strign-check-which-would-lead-to-NULL-pt.patch
--- 
exif-0.6.22/debian/patches/0001-added-empty-strign-check-which-would-lead-to-NULL-pt.patch
  1970-01-01 00:00:00.000000000 +0000
+++ 
exif-0.6.22/debian/patches/0001-added-empty-strign-check-which-would-lead-to-NULL-pt.patch
  2022-08-31 07:26:54.000000000 +0000
@@ -0,0 +1,27 @@
+From f6334d9d32437ef13dc902f0a88a2be0063d9d1c Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <[email protected]>
+Date: Thu, 25 Feb 2021 08:31:53 +0100
+Subject: [PATCH 01/25] added empty strign check, which would lead to NULL ptr
+ deref/crash in exif XML display. fixes
+ https://github.com/libexif/exif/issues/4
+
+---
+ exif/actions.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/exif/actions.c b/exif/actions.c
+index ed245df..123c064 100644
+--- a/exif/actions.c
++++ b/exif/actions.c
+@@ -661,6 +661,8 @@ escape_xml(const char *text)
+       char *out;
+       size_t len;
+ 
++      if (!strlen(text)) return "empty string";
++
+       for (out=escaped, len=0; *text; ++len, ++out, ++text) {
+               /* Make sure there's plenty of room for a quoted character */
+               if ((len + 8) > escaped_size) {
+-- 
+2.30.2
+
diff -Nru 
exif-0.6.22/debian/patches/0002-actually-return-empty-stringand-not-em-pty-string-as.patch
 
exif-0.6.22/debian/patches/0002-actually-return-empty-stringand-not-em-pty-string-as.patch
--- 
exif-0.6.22/debian/patches/0002-actually-return-empty-stringand-not-em-pty-string-as.patch
  1970-01-01 00:00:00.000000000 +0000
+++ 
exif-0.6.22/debian/patches/0002-actually-return-empty-stringand-not-em-pty-string-as.patch
  2022-08-31 07:27:02.000000000 +0000
@@ -0,0 +1,26 @@
+From eb84b0e3c5f2a86013b6fcfb800d187896a648fa Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <[email protected]>
+Date: Thu, 25 Feb 2021 09:45:36 +0100
+Subject: [PATCH 02/25] actually return empty stringand not 'em,pty string' as
+ expected
+
+---
+ exif/actions.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/exif/actions.c b/exif/actions.c
+index 123c064..4fade01 100644
+--- a/exif/actions.c
++++ b/exif/actions.c
+@@ -661,7 +661,7 @@ escape_xml(const char *text)
+       char *out;
+       size_t len;
+ 
+-      if (!strlen(text)) return "empty string";
++      if (!strlen(text)) return "";
+ 
+       for (out=escaped, len=0; *text; ++len, ++out, ++text) {
+               /* Make sure there's plenty of room for a quoted character */
+-- 
+2.30.2
+
diff -Nru exif-0.6.22/debian/patches/0003-avoid-NULL-ptr-crash.patch 
exif-0.6.22/debian/patches/0003-avoid-NULL-ptr-crash.patch
--- exif-0.6.22/debian/patches/0003-avoid-NULL-ptr-crash.patch  1970-01-01 
00:00:00.000000000 +0000
+++ exif-0.6.22/debian/patches/0003-avoid-NULL-ptr-crash.patch  2022-08-31 
07:28:52.000000000 +0000
@@ -0,0 +1,31 @@
+From a702ad911f7c9824979a6534d87dfb1ec9928533 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <[email protected]>
+Date: Wed, 18 Aug 2021 14:53:24 +0200
+Subject: [PATCH 20/25] avoid NULL ptr crash fixes
+ https://github.com/libexif/exif/issues/5
+
+---
+ exif/actions.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/exif/actions.c b/exif/actions.c
+index 4fade01..d7ab870 100644
+--- a/exif/actions.c
++++ b/exif/actions.c
+@@ -715,7 +715,12 @@ show_entry_xml (ExifEntry *e, void *data)
+               fprintf (stdout, "%s", escape_xml(exif_entry_get_value (e, v, 
sizeof (v))));
+               fprintf (stdout, "</x%04x>", e->tag);
+       } else {
+-              strncpy (t, exif_tag_get_title_in_ifd(e->tag, 
exif_entry_get_ifd(e)), sizeof (t));
++              const char *title = exif_tag_get_title_in_ifd(e->tag, 
exif_entry_get_ifd(e));
++              if (!title) {
++                      /* might just be an unknown tag */
++                      return;
++              }
++              strncpy (t, title, sizeof (t));
+               t[sizeof(t)-1] = 0;
+ 
+               /* Remove invalid characters from tag eg. (, ), space */
+-- 
+2.30.2
+
diff -Nru exif-0.6.22/debian/patches/series exif-0.6.22/debian/patches/series
--- exif-0.6.22/debian/patches/series   2020-07-09 10:58:17.000000000 +0000
+++ exif-0.6.22/debian/patches/series   2022-08-31 07:34:04.000000000 +0000
@@ -1 +1,4 @@
 unsigned-types.patch
+0001-added-empty-strign-check-which-would-lead-to-NULL-pt.patch
+0002-actually-return-empty-stringand-not-em-pty-string-as.patch
+0003-avoid-NULL-ptr-crash.patch

signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

Source: exif
Source-Version: 0.6.22-3
Done: Hugh McMaster <[email protected]>

We believe that the bug you reported is fixed in the latest version of
exif, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hugh McMaster <[email protected]> (supplier of updated exif package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 05 Sep 2022 14:01:03 +1000
Source: exif
Architecture: source
Version: 0.6.22-3
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers 
<[email protected]>
Changed-By: Hugh McMaster <[email protected]>
Closes: 1018814
Changes:
 exif (0.6.22-3) unstable; urgency=medium
 .
   * debian/control: Raise Standards-Version to 4.6.1 (no changes needed).
   * debian/copyright: Update for 2022.
   * debian/gbp.conf: Use DEP-14 branch naming; require signed tags.
   * debian/patches:
     + Add patch for CVE-2021-27815 (Closes: #1018814).
     + Prevent NULL pointer dereference with strncpy() in exif/actions.c.
       Thanks to Aron Xu for forwarding the upstream patch.
Checksums-Sha1:
 712e5c80e38b7e2d3cf303c2c20ebe3520623673 2006 exif_0.6.22-3.dsc
 cdb0fdb98cc06397ba5d94fb980100cffd8975d8 7672 exif_0.6.22-3.debian.tar.xz
 116a5cb3f6ad24a25a6e1cf47731c51b915460fe 6257 exif_0.6.22-3_amd64.buildinfo
Checksums-Sha256:
 6db3523dbf4bc7fb8fd75119709e5be58ddd9d1f1bbdcefba13526df6f880439 2006 
exif_0.6.22-3.dsc
 974c04c40e8c7832fa28b56eacba7a2d10204fb2d11937bbc87e3b4c98037c2e 7672 
exif_0.6.22-3.debian.tar.xz
 5165e1620d7108aaa238d89220a639ff2c3b166ce06e0ecb1c3089ba9395c6f9 6257 
exif_0.6.22-3_amd64.buildinfo
Files:
 9d9a731e850db367941c0fdae73a565d 2006 graphics optional exif_0.6.22-3.dsc
 968ee6cdebf4012064710a30aac7418e 7672 graphics optional 
exif_0.6.22-3.debian.tar.xz
 a6a91f2504d5aa8b0aa32d55e5ea3cf7 6257 graphics optional 
exif_0.6.22-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJOBAEBCgA4FiEEOiCBPKV5RoaMUVIRWsYQdMXoG8QFAmMWnVQaHGh1Z2gubWNt
YXN0ZXJAb3V0bG9vay5jb20ACgkQWsYQdMXoG8SIsBAAvYqeqXZawdoxPhzrsu5s
0pV9O9u6GBrxXeAs6vs7iU18lDWf7n5JR+JcB+CkfJbQ03Uq475EX5C3xDG23UhO
2Ko64LaueTZfWD/2g6TTPvRqS4dsxNSnMbFlxryUeeEWKTOo6wr3d4Lq1X7smZiy
FlAO5pQL4kajR/zyTXustzTz2cuOOhQ08HqlaOQdsZ62lGJYQc6GDuUj4QmFAMjR
6iphvBxEwHE5NzbwjcSI3c+VBxfA5lyLiMsw2T8RUCLrGg0KmGHuv+9YmvrpRf8U
tCvBudOczG+2AdbTBb803rAO/g0tfXUbq4o33K228n/6FDrLEupEhAauDbp1oHpb
/66jWCLQ/bY5Qi3Yv8kJZlek48pwZlsh8nH6IfqXWmdzB7kYB4RQ8AUzVBCRV0sA
tfo3JAVZRWkbJK/g9LInq6pWCRRHH8aXmIZFtPDs+O3AEBaiS644ghPzTl2qrRIL
1hcq3FQRCtOkG1QRTKbhWjScWIsios9ke866PJ8R+4nMAwYhTfv3TWMFFnfMKgRv
y39FHzA6tjScebGTRq2LnwUqx6/7kKgNE3eD7LDo2EgkSB4plk/rLJg4WwVpVGtB
6LPbKH8pUu1wV+KzPJfKaALYHc8gfkklPgMaiDB3So5tO8GIrewno//ElYoKnfO1
i9w+CzxX1kyTd9UisPRNeTw=
=XDA+
-----END PGP SIGNATURE-----

--- End Message ---

Bug#1018814: marked as done (exif: update for null ptr fixes)

Reply via email to