[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#836787: jessie-pu: package pypdf2/1.23+git20141008-1+deb8u1

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi Release Team,

A PyPDF2 user found a DoS, an infinite loop[1]. It has a reproducer
even. This affects Jessie as well (the Sid update is just uploaded).
Upstream fix is simple[2] and the Security Team noted this as no-dsa,
but can be updated via a Jessie PU.

Proposed patch is attached.

Thanks for considering,
Laszlo/GCS
[1] https://github.com/mstamy2/PyPDF2/issues/184
[2] https://github.com/mstamy2/PyPDF2/commit/4fc7f9d14adb2a9b890aea2616955ec54229f48c
diff -Nru pypdf2-1.23+git20141008/debian/changelog pypdf2-1.23+git20141008/debian/changelog
--- pypdf2-1.23+git20141008/debian/changelog	2014-10-25 21:00:12.000000000 +0000
+++ pypdf2-1.23+git20141008/debian/changelog	2016-09-05 17:50:32.000000000 +0000
@@ -1,3 +1,10 @@
+pypdf2 (1.23+git20141008-1+deb8u1) jessie; urgency=medium
+
+  * Backport fix 'prevent infinite loop in readObject() function' to prevent
+    DoS from upstream Git tree.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 05 Sep 2016 17:46:41 +0000
+
 pypdf2 (1.23+git20141008-1) unstable; urgency=low
 
   * Upstream snapshot with various bug fixes.
diff -Nru pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch
--- pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch	1970-01-01 00:00:00.000000000 +0000
+++ pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch	2016-09-05 17:49:22.000000000 +0000
@@ -0,0 +1,25 @@
+From 48193975e5a0e48ebbb68217f8533ad2bfbdede2 Mon Sep 17 00:00:00 2001
+From: Henri Salo <henri.salo@nixu.com>
+Date: Tue, 18 Aug 2015 13:42:22 +0300
+Subject: [PATCH] Prevent infinite loop in readObject() function. Patch by
+ dhudson1. Closes mstamy2/PyPDF2#184
+
+---
+ PyPDF2/generic.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/PyPDF2/generic.py b/PyPDF2/generic.py
+index df1e028..657612a 100644
+--- a/PyPDF2/generic.py
++++ b/PyPDF2/generic.py
+@@ -82,6 +82,10 @@ def readObject(stream, pdf):
+         # comment
+         while tok not in (b_('\r'), b_('\n')):
+             tok = stream.read(1)
++            # Prevents an infinite loop by raising an error if the stream is at
++            # the EOF
++            if len(tok) <= 0:
++                raise PdfStreamError("File ended unexpectedly.")
+         tok = readNonWhitespace(stream)
+         stream.seek(-1, 1)
+         return readObject(stream, pdf)
diff -Nru pypdf2-1.23+git20141008/debian/patches/series pypdf2-1.23+git20141008/debian/patches/series
--- pypdf2-1.23+git20141008/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ pypdf2-1.23+git20141008/debian/patches/series	2016-09-05 17:50:00.000000000 +0000
@@ -0,0 +1 @@
+Prevent_infinite_loop_in_readObject.patch
Reply to: