Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
poppler-qt5.31330
CVE-2018-19060.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-19060.patch of Package poppler-qt5.31330
From d2f5d424ba8752f9a9e9dad410546ec1b46caa0a Mon Sep 17 00:00:00 2001 From: Adam Reichold <adam.reichold@t-online.de> Date: Tue, 6 Nov 2018 09:08:06 +0100 Subject: [PATCH] pdfdetach: Check for valid file name of embedded file before using it to determine save path. Closes #660 --- utils/pdfdetach.cc | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) Index: poppler-0.62.0/utils/pdfdetach.cc =================================================================== --- poppler-0.62.0.orig/utils/pdfdetach.cc 2019-03-20 11:10:11.929383424 +0000 +++ poppler-0.62.0/utils/pdfdetach.cc 2019-03-20 11:10:24.075423128 +0000 @@ -189,14 +189,18 @@ int main(int argc, char *argv[]) { fileSpec = static_cast<FileSpec *>(embeddedFiles->get(i)); printf("%d: ", i+1); s1 = fileSpec->getFileName(); - if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) { + if (!s1) { + exitCode = 3; + goto err2; + } + if (s1->hasUnicodeMarker()) { isUnicode = gTrue; j = 2; } else { isUnicode = gFalse; j = 0; } - while (j < fileSpec->getFileName()->getLength()) { + while (j < s1->getLength()) { if (isUnicode) { u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff); j += 2; @@ -226,14 +230,18 @@ int main(int argc, char *argv[]) { p = path; } s1 = fileSpec->getFileName(); - if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) { + if (!s1) { + exitCode = 3; + goto err2; + } + if (s1->hasUnicodeMarker()) { isUnicode = gTrue; j = 2; } else { isUnicode = gFalse; j = 0; } - while (j < fileSpec->getFileName()->getLength()) { + while (j < s1->getLength()) { if (isUnicode) { u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff); j += 2; @@ -269,14 +277,18 @@ int main(int argc, char *argv[]) { } else { p = path; s1 = fileSpec->getFileName(); - if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) { + if (!s1) { + exitCode = 3; + goto err2; + } + if (s1->hasUnicodeMarker()) { isUnicode = gTrue; j = 2; } else { isUnicode = gFalse; j = 0; } - while (j < fileSpec->getFileName()->getLength()) { + while (j < s1->getLength()) { if (isUnicode) { u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff); j += 2;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor