[mapserver-commits] [MapServer/MapServer] 975539: mapshape: remove useless null terminator

Jeff McKenna noreply at github.com
Tue May 4 13:43:25 PDT 2021 

  Branch: refs/heads/branch-7-6
  Home:   https://github.com/MapServer/MapServer
  Commit: 9755395b72d1b05a87d5393f3cc937bdc3f1b587
      https://github.com/MapServer/MapServer/commit/9755395b72d1b05a87d5393f3cc937bdc3f1b587
  Author: Max Kellermann <max.kellermann at gmail.com>
  Date:   2021-05-04 (Tue, 04 May 2021)

  Changed paths:
    M mapshape.c

  Log Message:
  -----------
  mapshape: remove useless null terminator

It's pointless to null-terminate the buffer if strcpy() overwrites it.


  Commit: b5c0e29ea2b8b0253e409cdba741f09246675e74
      https://github.com/MapServer/MapServer/commit/b5c0e29ea2b8b0253e409cdba741f09246675e74
  Author: Max Kellermann <max.kellermann at gmail.com>
  Date:   2021-05-04 (Tue, 04 May 2021)

  Changed paths:
    M mapshape.c

  Log Message:
  -----------
  mapshape: validate numshapes

If the value is implausible, refuse to parse the file, because that
value will be used later in memory allocations.  I used the same limit
as in msSHPOpen().

DoS vulnerability found with libFuzzer.


  Commit: 5e4c5046f294a67865a9d21afab2f212849b94d0
      https://github.com/MapServer/MapServer/commit/5e4c5046f294a67865a9d21afab2f212849b94d0
  Author: Max Kellermann <max.kellermann at gmail.com>
  Date:   2021-05-04 (Tue, 04 May 2021)

  Changed paths:
    M mapshape.c
    M mapxbase.c

  Log Message:
  -----------
  mapshape, mapxbase: fix several memory leaks in error code paths

Leak bug found with libFuzzer.


  Commit: ee5d5de5140ee9b42b817f93f74741c64eebca30
      https://github.com/MapServer/MapServer/commit/ee5d5de5140ee9b42b817f93f74741c64eebca30
  Author: Max Kellermann <max.kellermann at gmail.com>
  Date:   2021-05-04 (Tue, 04 May 2021)

  Changed paths:
    M mapxbase.c

  Log Message:
  -----------
  mapxbase: validate nHeadLen

Make sure the "nFields" formula doesn't underflow, leading to a
multi-gigabyte memory allocation and probably a heap buffer overflow.

Vulnerability found with libFuzzer.


  Commit: b466b01a11f8ce2997d3d036a4523954028a89f5
      https://github.com/MapServer/MapServer/commit/b466b01a11f8ce2997d3d036a4523954028a89f5
  Author: Jeff McKenna <jmckenna at gatewaygeomatics.com>
  Date:   2021-05-04 (Tue, 04 May 2021)

  Changed paths:
    M mapshape.c
    M mapxbase.c

  Log Message:
  -----------
  Merge pull request #6320 from rouault/backport_pr_6319

[Backport 7.6]  Fixes for several security vulnerabilities found with libFuzzer


Compare: https://github.com/MapServer/MapServer/compare/782ee8bacb7f...b466b01a11f8

More information about the mapserver-commits mailing list