diff options
author | akash.hadke <akash.hadke@kpit.com> | 2021-05-25 13:29:14 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2021-05-25 04:50:10 -0700 |
commit | 943f5560aa3b34f1c0baa0b8093fe978d5db558d (patch) | |
tree | 79c661062d3b108fea566ad3d1664a3d66419529 | |
parent | f56fb13a2c5efe0802fca883f321bc6ea064d70f (diff) | |
download | meta-openembedded-943f5560aa3b34f1c0baa0b8093fe978d5db558d.tar.gz |
opencv: Add fix for CVE-2019-5063 and CVE-2019-5064
Added fix for below CVE's
CVE-2019-5063
CVE-2019-5064
Link: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch
Signed-off-by: akash hadke <akash.hadke@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch | 78 | ||||
-rw-r--r-- | meta-oe/recipes-support/opencv/opencv_4.1.0.bb | 1 |
2 files changed, 79 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch new file mode 100644 index 000000000..b4d5e6dc4 --- /dev/null +++ b/meta-oe/recipes-support/opencv/opencv/CVE-2019-5063_and_2019-5064.patch | |||
@@ -0,0 +1,78 @@ | |||
1 | From f42d5399aac80d371b17d689851406669c9b9111 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alexander Alekhin <alexander.alekhin@intel.com> | ||
3 | Date: Thu, 7 Nov 2019 14:01:51 +0300 | ||
4 | Subject: [PATCH] core(persistence): add more checks for implementation | ||
5 | limitations | ||
6 | |||
7 | Signed-off-by: akash hadke <akash.hadke@kpit.com> | ||
8 | --- | ||
9 | modules/core/src/persistence_json.cpp | 8 ++++++++ | ||
10 | modules/core/src/persistence_xml.cpp | 6 ++++-- | ||
11 | 2 files changed, 12 insertions(+), 2 deletions(-) | ||
12 | --- | ||
13 | CVE: CVE-2019-5063 | ||
14 | CVE: CVE-2019-5064 | ||
15 | Upstream-Status: Backport [https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch] | ||
16 | --- | ||
17 | diff --git a/modules/core/src/persistence_json.cpp b/modules/core/src/persistence_json.cpp | ||
18 | index 89914e6534f..2efdf17d3f5 100644 | ||
19 | --- a/modules/core/src/persistence_json.cpp | ||
20 | +++ b/modules/core/src/persistence_json.cpp | ||
21 | @@ -578,10 +578,14 @@ class JSONParser : public FileStorageParser | ||
22 | sz = (int)(ptr - beg); | ||
23 | if( sz > 0 ) | ||
24 | { | ||
25 | + if (i + sz >= CV_FS_MAX_LEN) | ||
26 | + CV_PARSE_ERROR_CPP("string is too long"); | ||
27 | memcpy(buf + i, beg, sz); | ||
28 | i += sz; | ||
29 | } | ||
30 | ptr++; | ||
31 | + if (i + 1 >= CV_FS_MAX_LEN) | ||
32 | + CV_PARSE_ERROR_CPP("string is too long"); | ||
33 | switch ( *ptr ) | ||
34 | { | ||
35 | case '\\': | ||
36 | @@ -605,6 +609,8 @@ class JSONParser : public FileStorageParser | ||
37 | sz = (int)(ptr - beg); | ||
38 | if( sz > 0 ) | ||
39 | { | ||
40 | + if (i + sz >= CV_FS_MAX_LEN) | ||
41 | + CV_PARSE_ERROR_CPP("string is too long"); | ||
42 | memcpy(buf + i, beg, sz); | ||
43 | i += sz; | ||
44 | } | ||
45 | @@ -620,6 +626,8 @@ class JSONParser : public FileStorageParser | ||
46 | sz = (int)(ptr - beg); | ||
47 | if( sz > 0 ) | ||
48 | { | ||
49 | + if (i + sz >= CV_FS_MAX_LEN) | ||
50 | + CV_PARSE_ERROR_CPP("string is too long"); | ||
51 | memcpy(buf + i, beg, sz); | ||
52 | i += sz; | ||
53 | } | ||
54 | diff --git a/modules/core/src/persistence_xml.cpp b/modules/core/src/persistence_xml.cpp | ||
55 | index 89876dd3da8..52b53744254 100644 | ||
56 | --- a/modules/core/src/persistence_xml.cpp | ||
57 | +++ b/modules/core/src/persistence_xml.cpp | ||
58 | @@ -627,6 +627,8 @@ class XMLParser : public FileStorageParser | ||
59 | c = '\"'; | ||
60 | else | ||
61 | { | ||
62 | + if (len + 2 + i >= CV_FS_MAX_LEN) | ||
63 | + CV_PARSE_ERROR_CPP("string is too long"); | ||
64 | memcpy( strbuf + i, ptr-1, len + 2 ); | ||
65 | i += len + 2; | ||
66 | } | ||
67 | @@ -635,9 +637,9 @@ class XMLParser : public FileStorageParser | ||
68 | CV_PERSISTENCE_CHECK_END_OF_BUFFER_BUG_CPP(); | ||
69 | } | ||
70 | } | ||
71 | + if (i + 1 >= CV_FS_MAX_LEN) | ||
72 | + CV_PARSE_ERROR_CPP("Too long string literal"); | ||
73 | strbuf[i++] = c; | ||
74 | - if( i >= CV_FS_MAX_LEN ) | ||
75 | - CV_PARSE_ERROR_CPP( "Too long string literal" ); | ||
76 | } | ||
77 | elem->setValue(FileNode::STRING, strbuf, i); | ||
78 | } | ||
diff --git a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb index de708fd06..19d5d0c89 100644 --- a/meta-oe/recipes-support/opencv/opencv_4.1.0.bb +++ b/meta-oe/recipes-support/opencv/opencv_4.1.0.bb | |||
@@ -54,6 +54,7 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv \ | |||
54 | file://CVE-2019-14493.patch \ | 54 | file://CVE-2019-14493.patch \ |
55 | file://CVE-2019-15939.patch \ | 55 | file://CVE-2019-15939.patch \ |
56 | file://CVE-2019-19624.patch \ | 56 | file://CVE-2019-19624.patch \ |
57 | file://CVE-2019-5063_and_2019-5064.patch \ | ||
57 | " | 58 | " |
58 | PV = "4.1.0" | 59 | PV = "4.1.0" |
59 | 60 | ||