From d26748dd8fb90b0af8c9344615f65d273dc66f93 Mon Sep 17 00:00:00 2001

From: Su_Laus <sulau@freenet.de>

Date: Mon, 15 Aug 2022 22:11:03 +0200

Subject: [PATCH] =?UTF-8?q?(CVE-2022-2519=20CVE-2022-2520=20CVE-2022-2521?=

 =?UTF-8?q?=20CVE-2022-2953)=20According=20to=20Richard=20Nolde=20https://?=

 =?UTF-8?q?gitlab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the?=

 =?UTF-8?q?=20tiffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutua?=

 =?UTF-8?q?lly=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),?=

 =?UTF-8?q?=20-Z=20and=20-z.?=

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

This is now checked and ends tiffcrop if those arguments are not mutually exclusive.

This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424

(cherry picked from commit 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf)

---

 tools/tiffcrop.c | 31 +++++++++++++++++++++++--------

 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c

index 5801b8f6..27e6f81c 100644

--- a/tools/tiffcrop.c

+++ b/tools/tiffcrop.c

@@ -104,7 +104,10 @@

  *                includes annotations for image parameters and scanline info. Level

  *                selects which functions dump data, with higher numbers selecting

  *                lower level, scanline level routines. Debug reports a limited set

- *                of messages to monitor progess without enabling dump logs.

+ *                of messages to monitor progress without enabling dump logs.

+ *

+ * Note:    The (-X|-Y), -Z, -z and -S options are mutually exclusive.

+ *          In no case should the options be applied to a given selection successively.

  */

 static   char tiffcrop_version_id[] = "2.4";

@@ -177,12 +180,12 @@ extern int getopt(int argc, char * const argv[], const char *optstring);

 #define ROTATECW_270 32

 #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)

-#define CROP_NONE     0

-#define CROP_MARGINS  1

-#define CROP_WIDTH    2

-#define CROP_LENGTH   4

-#define CROP_ZONES    8

-#define CROP_REGIONS 16

+#define CROP_NONE     0     /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */

+#define CROP_MARGINS  1     /* "-m" */

+#define CROP_WIDTH    2     /* "-X" */

+#define CROP_LENGTH   4     /* "-Y" */

+#define CROP_ZONES    8     /* "-Z" */

+#define CROP_REGIONS 16     /* "-z" */

 #define CROP_ROTATE  32

 #define CROP_MIRROR  64

 #define CROP_INVERT 128

@@ -320,7 +323,7 @@ struct crop_mask {

 #define PAGE_MODE_RESOLUTION   1

 #define PAGE_MODE_PAPERSIZE    2

 #define PAGE_MODE_MARGINS      4

-#define PAGE_MODE_ROWSCOLS     8

+#define PAGE_MODE_ROWSCOLS     8    /* for -S option */

 #define INVERT_DATA_ONLY      10

 #define INVERT_DATA_AND_TAG   11

@@ -751,6 +754,8 @@ static   char* usage_info[] = {

 "             The four debug/dump options are independent, though it makes little sense to",

 "             specify a dump file without specifying a detail level.",

 " ",

+"Note:        The (-X|-Y), -Z, -z and -S options are mutually exclusive."

+" ",

 NULL

 };

@@ -2099,6 +2104,16 @@ void  process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32

 		/*NOTREACHED*/

       }

     }

+    /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/

+    char XY, Z, R, S;

+    XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));

+    Z = (crop_data->crop_mode & CROP_ZONES);

+    R = (crop_data->crop_mode & CROP_REGIONS);

+    S = (page->mode & PAGE_MODE_ROWSCOLS);

+    if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {

+        TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");

+        exit(EXIT_FAILURE);

+    }

   }  /* end process_command_opts */

 /* Start a new output file if one has not been previously opened or