path: root/release_docs/RELEASE.txt
author: Egbert Eich <eich@suse.com> 2022-11-11 05:20:09 (GMT)
committer: GitHub <noreply@github.com> 2022-11-11 05:20:09 (GMT)
commit: 659bc99fd139e16fdf47b31b635f158b72e3f5a4
tree: 209e0fb468787b244359eb1b56e1dd72689316e9 /release_docs/RELEASE.txt
parent: 99487d9e45c8245a829f18a060fa472d0422edbb
Make H5O__fsinfo_decode() more resilient to out-of-bound reads. (#2229)
When decoding a file space info message in H5O__fsinfo_decode() make sure each element to be decoded is still within the message. Malformed hdf5 files may have truncated content which does not match the expected size. Checking this will prevent attempting to decode unrelated data and heap overflows. So far, only free space manager address data was checked before decoding.

This fixes CVE-2021-45830 / Bug #2228.

Signed-off-by: Egbert Eich <eich@suse.com>

Additions

Co-authored-by: Larry Knox <lrknox@hdfgroup.org>
Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r-- release_docs/RELEASE.txt 13
1 files changed, 13 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 48fcc3b..bc04d93 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -172,6 +172,18 @@ Bug Fixes since HDF5-1.13.3 release
===================================
Library
-------
+ - Fix CVE-2021-45830 / GHSA-5h2h-fjjr-x9m2
+
+ Make H5O__fsinfo_decode() more resilient to out-of-bound reads.
+
+ When decoding a file space info message in H5O__fsinfo_decode() make
+ sure each element to be decoded is still within the message. Malformed
+ hdf5 files may have trunkated content which does not match the
+ expected size. Checking this will prevent attempting to decode
+ unrelated data and heap overflows. So far, only free space manager
+ address data was checked before decoding.
+
+ (EFE - 2022/10/05 GH-2228)
- Fix CVE-2018-17439 / GHSA-vcxv-vp43-rch7
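Review bot: the added entry misspells "truncated" as "trunkated" in the sentence "Malformed hdf5 files may have trunkated content", and writes "hdf5" in lowercase where the section heading above uses "HDF5"; both should be corrected before this text ships in the release notes. The entry also names two different outcomes, "out-of-bound reads" in its summary line and "heap overflows" in the body, so it would help readers triaging CVE-2021-45830 to state which one the missing length checks actually allowed. Finally, "So far, only free space manager address data was checked" describes the old behaviour in the present tense of the patch; rewording it as "Previously, only ..." would keep the note accurate once the fix is released.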
@@ -185,6 +197,7 @@ Bug Fixes since HDF5-1.13.3 release
(EFE - 2022/09/27 HDFFV-10589, GH-2226)
+
Java Library
------------
-