[pkgsrc/trunk]: pkgsrc/sysutils/file Patch file for CVE-2018-10360.

[bsiegert <bsiegert%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/b12b5e37e57d
branches:  trunk
changeset: 309954:b12b5e37e57d
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sat Jun 30 09:27:02 2018 +0000

description:
Patch file for CVE-2018-10360.

Patch from Matthias Ferdinand on pkgsrc-users.

The do_core_note function in readelf.c in libmagic.a in file
5.33 allows remote attackers to cause a denial of service
(out-of-bounds read and application crash) via a crafted ELF
file.

diffstat:

 sysutils/file/Makefile                    |   4 ++--
 sysutils/file/distinfo                    |   3 ++-
 sysutils/file/patches/patch-src_readelf.c |  24 ++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)

diffs (56 lines):

diff -r 5ca8fa008a96 -r b12b5e37e57d sysutils/file/Makefile
--- a/sysutils/file/Makefile    Fri Jun 29 17:01:49 2018 +0000
+++ b/sysutils/file/Makefile    Sat Jun 30 09:27:02 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.41 2017/12/12 03:11:51 ryoon Exp $
+# $NetBSD: Makefile,v 1.42 2018/06/30 09:27:02 bsiegert Exp $
 
 DISTNAME=              file-5.32
-PKGREVISION=           1
+PKGREVISION=           2
 CATEGORIES=            sysutils
 MASTER_SITES=          ftp://ftp.astron.com/pub/file/
 
diff -r 5ca8fa008a96 -r b12b5e37e57d sysutils/file/distinfo
--- a/sysutils/file/distinfo    Fri Jun 29 17:01:49 2018 +0000
+++ b/sysutils/file/distinfo    Sat Jun 30 09:27:02 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2017/12/12 03:11:51 ryoon Exp $
+$NetBSD: distinfo,v 1.31 2018/06/30 09:27:02 bsiegert Exp $
 
 SHA1 (file-5.32.tar.gz) = c2858a8043387d1229d8768ad42762a803d017db
 RMD160 (file-5.32.tar.gz) = b7d41a4c6b2c28d9f202d740e353416e2036c1ef
@@ -6,4 +6,5 @@
 Size (file-5.32.tar.gz) = 797025 bytes
 SHA1 (patch-aa) = dc787ea0d77d7ba88bcb1e17d38b26b13153a1c5
 SHA1 (patch-src_fsmagic.c) = ee770cf37dfdfbc5a7c123d2691312610b76e76e
+SHA1 (patch-src_readelf.c) = 2dca756d757509643f72937595c470378fb4f3d1
 SHA1 (patch-src_softmagic.c) = bd8871c9050ca521f02b62066d0023a5fbb2d168
diff -r 5ca8fa008a96 -r b12b5e37e57d sysutils/file/patches/patch-src_readelf.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/file/patches/patch-src_readelf.c Sat Jun 30 09:27:02 2018 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-src_readelf.c,v 1.1 2018/06/30 09:27:03 bsiegert Exp $
+
+apply https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
+against https://nvd.nist.gov/vuln/detail/CVE-2018-10360
+
+    ...
+    The do_core_note function in readelf.c in libmagic.a in file
+    5.33 allows remote attackers to cause a denial of service
+    (out-of-bounds read and application crash) via a crafted ELF
+    file.
+    ...
+
+--- src/readelf.c.orig 2017-08-27 07:55:02.000000000 +0000
++++ src/readelf.c
+@@ -824,7 +824,8 @@ do_core_note(struct magic_set *ms, unsig
+ 
+                               cname = (unsigned char *)
+                                   &nbuf[doff + prpsoffsets(i)];
+-                              for (cp = cname; *cp && isprint(*cp); cp++)
++                              for (cp = cname; cp < nbuf + size && *cp
++                                  && isprint(*cp); cp++)
+                                       continue;
+                               /*
+                                * Linux apparently appends a space at the end