guix/gnu/packages/patches/libextractor-CVE-2018-20431.patch
Alex Vong 8f36c8e9ea
gnu: libextractor: Fix CVE-2018-{20430,20431}.
* gnu/packages/patches/libextractor-CVE-2018-20430.patch,
gnu/packages/patches/libextractor-CVE-2018-20431.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnunet.scm (libextractor)[source]: Use them.
2019-01-04 07:33:46 +08:00

53 lines
1.4 KiB
Diff

Fix CVE-2018-20431:
https://gnunet.org/bugs/view.php?id=5494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431
https://security-tracker.debian.org/tracker/CVE-2018-20431
Patch copied from upstream source repository:
https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7
To apply the patch to libextractor 1.8 release tarball,
hunk #1 which patches ChangeLog is removed.
From 489c4a540bb2c4744471441425b8932b97a153e7 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Thu, 20 Dec 2018 23:02:28 +0100
Subject: [PATCH] fix #5494
---
ChangeLog | 3 ++-
src/plugins/ole2_extractor.c | 9 +++++++--
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/plugins/ole2_extractor.c b/src/plugins/ole2_extractor.c
index 53fa1b9..a48b726 100644
--- a/src/plugins/ole2_extractor.c
+++ b/src/plugins/ole2_extractor.c
@@ -173,7 +173,7 @@ struct ProcContext
EXTRACTOR_MetaDataProcessor proc;
/**
- * Closure for 'proc'.
+ * Closure for @e proc.
*/
void *proc_cls;
@@ -213,7 +213,12 @@ process_metadata (gpointer key,
if (G_VALUE_TYPE(gval) == G_TYPE_STRING)
{
- contents = strdup (g_value_get_string (gval));
+ const char *gvals;
+
+ gvals = g_value_get_string (gval);
+ if (NULL == gvals)
+ return;
+ contents = strdup (gvals);
}
else
{
--
2.20.1