File CVE-2018-19060.patch of Package poppler-qt5.29065
From d2f5d424ba8752f9a9e9dad410546ec1b46caa0a Mon Sep 17 00:00:00 2001
From: Adam Reichold <adam.reichold@t-online.de>
Date: Tue, 6 Nov 2018 09:08:06 +0100
Subject: [PATCH] pdfdetach: Check for valid file name of embedded file before
using it to determine save path.
Closes #660
---
utils/pdfdetach.cc | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
Index: poppler-0.62.0/utils/pdfdetach.cc
===================================================================
--- poppler-0.62.0.orig/utils/pdfdetach.cc 2019-03-20 11:10:11.929383424 +0000
+++ poppler-0.62.0/utils/pdfdetach.cc 2019-03-20 11:10:24.075423128 +0000
@@ -189,14 +189,18 @@ int main(int argc, char *argv[]) {
fileSpec = static_cast<FileSpec *>(embeddedFiles->get(i));
printf("%d: ", i+1);
s1 = fileSpec->getFileName();
- if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) {
+ if (!s1) {
+ exitCode = 3;
+ goto err2;
+ }
+ if (s1->hasUnicodeMarker()) {
isUnicode = gTrue;
j = 2;
} else {
isUnicode = gFalse;
j = 0;
}
- while (j < fileSpec->getFileName()->getLength()) {
+ while (j < s1->getLength()) {
if (isUnicode) {
u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff);
j += 2;
@@ -226,14 +230,18 @@ int main(int argc, char *argv[]) {
p = path;
}
s1 = fileSpec->getFileName();
- if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) {
+ if (!s1) {
+ exitCode = 3;
+ goto err2;
+ }
+ if (s1->hasUnicodeMarker()) {
isUnicode = gTrue;
j = 2;
} else {
isUnicode = gFalse;
j = 0;
}
- while (j < fileSpec->getFileName()->getLength()) {
+ while (j < s1->getLength()) {
if (isUnicode) {
u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff);
j += 2;
@@ -269,14 +277,18 @@ int main(int argc, char *argv[]) {
} else {
p = path;
s1 = fileSpec->getFileName();
- if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) {
+ if (!s1) {
+ exitCode = 3;
+ goto err2;
+ }
+ if (s1->hasUnicodeMarker()) {
isUnicode = gTrue;
j = 2;
} else {
isUnicode = gFalse;
j = 0;
}
- while (j < fileSpec->getFileName()->getLength()) {
+ while (j < s1->getLength()) {
if (isUnicode) {
u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff);
j += 2;