summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--MANIFEST1
-rw-r--r--src/H5Osdspace.c19
-rw-r--r--tools/test/h5repack/CMakeTests.cmake6
-rw-r--r--tools/test/h5repack/h5repack.sh.in34
-rw-r--r--tools/test/h5repack/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5bin0 -> 7648 bytes
5 files changed, 53 insertions, 7 deletions
diff --git a/MANIFEST b/MANIFEST
index 336594b..94ddf24 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -2760,6 +2760,7 @@
./tools/test/h5repack/testfiles/h5repack_layout.h5-plugin_test.ddl
./tools/test/h5repack/testfiles/h5repack_layout.h5-plugin_version_test.ddl
./tools/test/h5repack/testfiles/h5repack_layout.h5-plugin_zero.ddl
+./tools/test/h5repack/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5
./tools/test/h5repack/testfiles/GS.h5repack_paged_nopersist.h5.ddl
./tools/test/h5repack/testfiles/S.h5repack_fsm_aggr_persist.h5.ddl
./tools/test/h5repack/testfiles/SP.h5repack_fsm_aggr_nopersist.h5.ddl
diff --git a/src/H5Osdspace.c b/src/H5Osdspace.c
index b34eb76..83702eb 100644
--- a/src/H5Osdspace.c
+++ b/src/H5Osdspace.c
@@ -138,8 +138,11 @@ H5O__sdspace_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UN
flags = *p++;
/* Get or determine the type of the extent */
- if (version >= H5O_SDSPACE_VERSION_2)
+ if (version >= H5O_SDSPACE_VERSION_2) {
sdim->type = (H5S_class_t)*p++;
+ if (sdim->type != H5S_SIMPLE && sdim->rank > 0)
+ HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, NULL, "invalid rank for scalar or NULL dataspace")
+ } /* end if */
else {
/* Set the dataspace type to be simple or scalar as appropriate */
if (sdim->rank > 0)
@@ -248,13 +251,15 @@ H5O__sdspace_encode(H5F_t *f, uint8_t *p, const void *_mesg)
*p++ = 0; /*reserved*/
} /* end else */
- /* Current & maximum dimensions */
- if (sdim->rank > 0) {
- for (u = 0; u < sdim->rank; u++)
- H5F_ENCODE_LENGTH(f, p, sdim->size[u]);
- if (flags & H5S_VALID_MAX) {
+ /* Encode dataspace dimensions for simple dataspaces */
+ if (H5S_SIMPLE == sdim->type) {
+ /* Encode current & maximum dimensions */
+ if (sdim->rank > 0) {
for (u = 0; u < sdim->rank; u++)
- H5F_ENCODE_LENGTH(f, p, sdim->max[u]);
+ H5F_ENCODE_LENGTH(f, p, sdim->size[u]);
+ if (flags & H5S_VALID_MAX)
+ for (u = 0; u < sdim->rank; u++)
+ H5F_ENCODE_LENGTH(f, p, sdim->max[u]);
} /* end if */
} /* end if */
diff --git a/tools/test/h5repack/CMakeTests.cmake b/tools/test/h5repack/CMakeTests.cmake
index af73b75..81d619c 100644
--- a/tools/test/h5repack/CMakeTests.cmake
+++ b/tools/test/h5repack/CMakeTests.cmake
@@ -51,6 +51,7 @@
${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_named_dtypes.h5
${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_nested_8bit_enum.h5
${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_nested_8bit_enum_deflated.h5
+ ${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5
${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_nbit.h5
${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_objs.h5
${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_refs.h5
@@ -1549,6 +1550,11 @@
# Note: this test is experimental for sharing test file among tools
ADD_H5_TEST (HDFFV-7840 "TEST" h5diff_attr1.h5)
+# test CVE-2018-17432 fix
+ set (arg h5repack_HDFFV-10590_CVE-2018-17432.h5 h5repack_HDFFV-10590_CVE-2018-17432_out.h5 --low=1 --high=2 -f GZIP=8 -l dset1:CHUNK=5x6)
+ set (TESTTYPE "TEST")
+ ADD_H5_FILTER_TEST (HDFFV-10590 "" ${TESTTYPE} 1 ${arg})
+
# tests for metadata block size option ('-M')
ADD_H5_TEST_META (meta_short h5repack_layout.h5 -M 8192)
ADD_H5_TEST_META (meta_long h5repack_layout.h5 --metadata_block_size=8192)
diff --git a/tools/test/h5repack/h5repack.sh.in b/tools/test/h5repack/h5repack.sh.in
index a95a22e..3764081 100644
--- a/tools/test/h5repack/h5repack.sh.in
+++ b/tools/test/h5repack/h5repack.sh.in
@@ -128,6 +128,8 @@ $SRC_H5REPACK_TESTFILES/h5repack_paged_nopersist.h5
$SRC_H5REPACK_TESTFILES/h5repack_paged_persist.h5
########h5diff/testfile########
$SRC_H5DIFF_TESTFILES/h5diff_attr1.h5
+########test#HDFFV-10590########
+$SRC_H5REPACK_TESTFILES/h5repack_HDFFV-10590_CVE-2018-17432.h5
########tools/testfiles#for#external#links########
$SRC_TOOLS_TESTFILES/tsoftlinks.h5
$SRC_TOOLS_TESTFILES/textlinkfar.h5
@@ -865,6 +867,34 @@ TOOLTESTV()
rm -f $outfile
}
+# Same as TOOLTEST, but expects h5repack fails
+#
+TOOLTEST_FAIL()
+{
+ infile=$1
+ outfile=$2
+ expect="$TESTDIR/$2-$1.ddl"
+ actual="$TESTDIR/$2-$1.out"
+ actual_err="$TESTDIR/$2-$1.err"
+ shift
+ shift
+
+ # Run test.
+ TESTING $H5REPACK $@
+ (
+ cd $TESTDIR
+ $ENVCMD $RUNSERIAL $H5REPACK_BIN "$@" $infile $outfile
+ ) >$actual
+ RET=$?
+ if [ $RET == 0 ] ; then
+ nerrors="`expr $nerrors + 1`"
+ echo " FAILED"
+ else
+ echo " PASSED"
+ fi
+ rm -f $outfile
+}
+
# This is same as TOOLTESTV() with comparing display output
# with actual filename swapped
#
@@ -1681,6 +1711,10 @@ TOOLTEST HDFFV-5932 h5repack_attr_refs.h5
# Note: this test is experimental for sharing test file among tools
TOOLTEST HDFFV-7840 h5diff_attr1.h5
+# test HDFFV-10590
+arg="h5repack_HDFFV-10590_CVE-2018-17432.h5 h5repack_HDFFV-10590_CVE-2018-17432_out.h5 --low=1 --high=2 -f GZIP=8 -l dset1:CHUNK=5x6"
+TOOLTEST_FAIL $arg
+
# tests for metadata block size option
TOOLTEST_META meta_short h5repack_layout.h5 -M 8192
TOOLTEST_META meta_long h5repack_layout.h5 --metadata_block_size=8192
diff --git a/tools/test/h5repack/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5 b/tools/test/h5repack/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5
new file mode 100644
index 0000000..7a815ba
--- /dev/null
+++ b/tools/test/h5repack/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5
Binary files differ