From 666a205254d095947de95670f014fe30137c0014 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikola=20Forr=C3=B3?= Date: Thu, 6 Dec 2018 14:59:10 +0100 Subject: [PATCH 08/10] Fix CVE-2018-17101 --- tools/pal2rgb.c | 18 +++++++++++++++++- tools/tiff2bw.c | 18 +++++++++++++++++- 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c index 426bbc0..994757a 100644 --- a/tools/pal2rgb.c +++ b/tools/pal2rgb.c @@ -389,7 +389,23 @@ cpTags(TIFF* in, TIFF* out) { struct cpTag *p; for (p = tags; p < &tags[NTAGS]; p++) - cpTag(in, out, p->tag, p->count, p->type); + { + if( p->tag == TIFFTAG_GROUP3OPTIONS ) + { + uint16 compression; + if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) || + compression != COMPRESSION_CCITTFAX3 ) + continue; + } + if( p->tag == TIFFTAG_GROUP4OPTIONS ) + { + uint16 compression; + if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) || + compression != COMPRESSION_CCITTFAX4 ) + continue; + } + cpTag(in, out, p->tag, p->count, p->type); + } } #undef NTAGS diff --git a/tools/tiff2bw.c b/tools/tiff2bw.c index 02605df..53067e7 100644 --- a/tools/tiff2bw.c +++ b/tools/tiff2bw.c @@ -427,7 +427,23 @@ cpTags(TIFF* in, TIFF* out) { struct cpTag *p; for (p = tags; p < &tags[NTAGS]; p++) - cpTag(in, out, p->tag, p->count, p->type); + { + if( p->tag == TIFFTAG_GROUP3OPTIONS ) + { + uint16 compression; + if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) || + compression != COMPRESSION_CCITTFAX3 ) + continue; + } + if( p->tag == TIFFTAG_GROUP4OPTIONS ) + { + uint16 compression; + if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) || + compression != COMPRESSION_CCITTFAX4 ) + continue; + } + cpTag(in, out, p->tag, p->count, p->type); + } } #undef NTAGS -- 2.17.2