[mapserver-commits] [MapServer/MapServer] 2c4dd8: mapshape: remove useless null terminator

Even Rouault noreply at github.com
Tue May 4 12:58:09 PDT 2021


  Branch: refs/heads/main
  Home:   https://github.com/MapServer/MapServer
  Commit: 2c4dd8143f53e05ea8701e2b39a3d8cc35484e3b
      https://github.com/MapServer/MapServer/commit/2c4dd8143f53e05ea8701e2b39a3d8cc35484e3b
  Author: Max Kellermann <max.kellermann at gmail.com>
  Date:   2021-05-04 (Tue, 04 May 2021)

  Changed paths:
    M mapshape.c

  Log Message:
  -----------
  mapshape: remove useless null terminator

It's pointless to null-terminate the buffer if strcpy() overwrites it.


  Commit: 2c4fe1dc2941c588a1e7cc7d2e1481b030190c2d
      https://github.com/MapServer/MapServer/commit/2c4fe1dc2941c588a1e7cc7d2e1481b030190c2d
  Author: Max Kellermann <max.kellermann at gmail.com>
  Date:   2021-05-04 (Tue, 04 May 2021)

  Changed paths:
    M mapshape.c

  Log Message:
  -----------
  mapshape: validate numshapes

If the value is implausible, refuse to parse the file, because that
value will be used later in memory allocations.  I used the same limit
as in msSHPOpen().

DoS vulnerability found with libFuzzer.


  Commit: 67d7e9eeedc73cf8ef14bdf4a0d230a1cfda61fd
      https://github.com/MapServer/MapServer/commit/67d7e9eeedc73cf8ef14bdf4a0d230a1cfda61fd
  Author: Max Kellermann <max.kellermann at gmail.com>
  Date:   2021-05-04 (Tue, 04 May 2021)

  Changed paths:
    M mapshape.c
    M mapxbase.c

  Log Message:
  -----------
  mapshape, mapxbase: fix several memory leaks in error code paths

Leak bug found with libFuzzer.


  Commit: 7c77153e7d767be858590c8492fe58bbc14dc6e0
      https://github.com/MapServer/MapServer/commit/7c77153e7d767be858590c8492fe58bbc14dc6e0
  Author: Max Kellermann <max.kellermann at gmail.com>
  Date:   2021-05-04 (Tue, 04 May 2021)

  Changed paths:
    M mapxbase.c

  Log Message:
  -----------
  mapxbase: validate nHeadLen

Make sure the "nFields" formula doesn't underflow, leading to a
multi-gigabyte memory allocation and probably a heap buffer overflow.

Vulnerability found with libFuzzer.


  Commit: 9a41ef41cb20fe7459c8e244c229b15c9d4cad79
      https://github.com/MapServer/MapServer/commit/9a41ef41cb20fe7459c8e244c229b15c9d4cad79
  Author: Even Rouault <even.rouault at spatialys.com>
  Date:   2021-05-04 (Tue, 04 May 2021)

  Changed paths:
    M mapshape.c
    M mapxbase.c

  Log Message:
  -----------
  Merge pull request #6319 from MaxKellermann/fuzzer

Fixes for several security vulnerabilities found with libFuzzer


Compare: https://github.com/MapServer/MapServer/compare/9a81e82eab13...9a41ef41cb20
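
Added example, not MapServer's code and not part of the original commits: a sketch of the kind of header-length check the "mapxbase: validate nHeadLen" message describes, using the standard dBASE layout (32-byte file header, 32-byte field descriptors, header length in bytes 8-9). The function names, the use of unsigned arithmetic, the file-size bound and the sample headers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DBF_FILE_HEADER 32u /* fixed part of a dBASE header */
#define DBF_FIELD_DESC  32u /* one field descriptor */

/* Unchecked form of the formula, in unsigned arithmetic: any header
 * length below 32 wraps around instead of going negative. */
static uint32_t naive_field_count(uint32_t nHeadLen) {
    return (nHeadLen - DBF_FILE_HEADER) / DBF_FIELD_DESC;
}

/* Hypothetical checked parser. hdr points at the first 32 bytes of the
 * file, file_size is the size on disk. Returns 0 and stores the field
 * count in *nFields, or -1 if the header is implausible. */
static int dbf_field_count(const uint8_t *hdr, size_t hdr_len,
                           size_t file_size, uint32_t *nFields) {
    if (hdr == NULL || nFields == NULL || hdr_len < DBF_FILE_HEADER)
        return -1;
    /* Bytes 8-9: header length, little-endian 16-bit. */
    uint32_t nHeadLen = (uint32_t)hdr[8] | ((uint32_t)hdr[9] << 8);
    if (nHeadLen < DBF_FILE_HEADER) /* would underflow the formula */
        return -1;
    if (nHeadLen > file_size)       /* descriptors not in the file */
        return -1;
    *nFields = (nHeadLen - DBF_FILE_HEADER) / DBF_FIELD_DESC;
    return 0;
}

/* Constructed sample: builds a 32-byte header with the given length
 * field and runs the checked parser against a claimed file size. */
static int check_sample(uint16_t head_len, size_t file_size, uint32_t *n) {
    uint8_t hdr[DBF_FILE_HEADER] = {0};
    hdr[8] = (uint8_t)(head_len & 0xff);
    hdr[9] = (uint8_t)(head_len >> 8);
    return dbf_field_count(hdr, sizeof hdr, file_size, n);
}

int main(void) {
    uint32_t n = 0;
    printf("naive, nHeadLen=0: %u fields\n", (unsigned)naive_field_count(0));
    printf("checked, nHeadLen=0: %d\n", check_sample(0, 4096, &n));
    if (check_sample(129, 4096, &n) == 0)
        printf("checked, nHeadLen=129: %u fields\n", (unsigned)n);
    return 0;
}
```

A field count taken from the unchecked form feeds directly into per-field array allocations, which is why the length has to be rejected before the subtraction rather than after.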

