Hi

I’ve been doing some patching over the past couple of days and have patches for 
most of the CVEs.

I think the patch in r1835 fixes the case where pObj == pObj->GetParent() but I 
don’t think it fixes cases where pObj == pObj->GetParent()->GetParent() or 
pObj->GetParent() == pObj->GetParent()->GetParent(). There’s also the problem 
of an attacker deliberately creating a PDF with very deeply nested objects to 
cause a stack overflow.

This patch adds a recursion depth counter and throws an error if the recursion 
gets too deep. It’s probably worth combining the patches since the pObj == 
pObj->GetParent() case is probably the most common, but the depth check covers 
other types of loops in the “Parent” structure and protects against deeply 
nested PDFs.

Best Regards
Mark

-- 
Mark Rogers - mark.rog...@powermapper.com
PowerMapper Software Ltd - www.powermapper.com
Registered in Scotland No 362274 Quartermile 2 Edinburgh EH3 9GL
 



On 07/04/2017, 19:10, "zyx" <z...@litepdf.cz> wrote:

    On Thu, 2017-03-02 at 17:31 +0100, Agostino Sarubbo wrote:
    >....
    
        Hi,
    I tried on a couple of CVEs, using trunk at revision 1834. I chose to
    behave in a non-forgiving way, but feel free to discuss those
    "solutions" here, if you can think of anything better.
    
    CVE-2017-5852 - fixed with revision 1835:
    http://sourceforge.net/p/podofo/code/1835
    
    CVE-2017-5854 - fixed with revision 1836:
    http://sourceforge.net/p/podofo/code/1836
    
    CVE-2017-5886 - fixed with revision 1837:
    http://sourceforge.net/p/podofo/code/1837
    
        Bye,
        zyx
    
    -- 
    http://www.litePDF.cz                                 i...@litepdf.cz
    
    
------------------------------------------------------------------------------
    Check out the vibrant tech community on one of the world's most
    engaging tech sites, Slashdot.org! http://sdm.link/slashdot
    _______________________________________________
    Podofo-users mailing list
    Podofo-users@lists.sourceforge.net
    https://lists.sourceforge.net/lists/listinfo/podofo-users
    

Attachment: patch-CVE-2017-5852.diff
Description: patch-CVE-2017-5852.diff
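
The depth-counter approach described in Mark's message, as an added C++ example that is not the attached patch or PoDoFo code: `Node`, `FindInherited`, `kMaxDepth` (1000) and the `Rotate` key are assumptions made for illustration. It covers the three loop shapes the message names plus an acyclic but very deep chain.

```cpp
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for a PDF object with a "Parent" link; not PoDoFo's class.
struct Node {
    Node* parent = nullptr;              // plays the role of pObj->GetParent()
    std::map<std::string, int> keys;     // attributes set directly on this node
};
const int kMaxDepth = 1000;              // assumed limit, not taken from the patch

// Look up an attribute on the node or, failing that, on its ancestors.
// The depth counter bounds the recursion whatever shape the Parent links take.
int FindInherited(const Node* n, const std::string& key, int depth = 0) {
    if (depth > kMaxDepth)
        throw std::runtime_error("Parent chain too deep or cyclic");
    auto it = n->keys.find(key);
    if (it != n->keys.end()) return it->second;
    if (n->parent == nullptr)
        throw std::out_of_range("key not found");
    return FindInherited(n->parent, key, depth + 1);
}

enum class Result { Found, Missing, Rejected };

// Classify a lookup so the cases below can be compared without try/catch.
Result Probe(const Node* n) {
    try { FindInherited(n, "Rotate"); return Result::Found; }
    catch (const std::out_of_range&) { return Result::Missing; }
    catch (const std::runtime_error&) { return Result::Rejected; }
}

// Constructed inputs matching the cases named in the message.
Result SelfParent()  { Node a; a.parent = &a; return Probe(&a); }                   // pObj == parent
Result TwoCycle()    { Node a, b; a.parent = &b; b.parent = &a; return Probe(&a); } // pObj == grandparent
Result ParentLoops() { Node a, b; a.parent = &b; b.parent = &b; return Probe(&a); } // parent == grandparent
Result Chain(int len, bool rootHasKey) {          // acyclic chain of len nodes
    std::vector<Node> v(len);
    for (int i = 0; i + 1 < len; ++i) v[i].parent = &v[i + 1];
    if (rootHasKey) v[len - 1].keys["Rotate"] = 90;
    return Probe(&v[0]);
}

int main() {   // prints one digit per case: 0 = Found, 1 = Missing, 2 = Rejected
    std::cout << int(SelfParent()) << int(TwoCycle()) << int(ParentLoops())
              << int(Chain(4, true)) << int(Chain(5000, true)) << "\n";
}
```

A check for `pObj == pObj->GetParent()` alone would stop only the first case; the counter rejects all three loops and the 5000-node chain with the same test.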
