guix-devel/gnu/packages/patches/libextractor-CVE-2018-20431.patch

Fix CVE-2018-20431:

https://gnunet.org/bugs/view.php?id=5494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431
https://security-tracker.debian.org/tracker/CVE-2018-20431

Patch copied from upstream source repository:

https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7

To apply the patch to libextractor 1.8 release tarball,
hunk #1 which patches ChangeLog is removed. 

From 489c4a540bb2c4744471441425b8932b97a153e7 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Thu, 20 Dec 2018 23:02:28 +0100
Subject: [PATCH] fix #5494

---
 ChangeLog                    | 3 ++-
 src/plugins/ole2_extractor.c | 9 +++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/plugins/ole2_extractor.c b/src/plugins/ole2_extractor.c
index 53fa1b9..a48b726 100644
--- a/src/plugins/ole2_extractor.c
+++ b/src/plugins/ole2_extractor.c
@@ -173,7 +173,7 @@ struct ProcContext
   EXTRACTOR_MetaDataProcessor proc;
 
   /**
-   * Closure for 'proc'.
+   * Closure for @e proc.
    */
   void *proc_cls;
 
@@ -213,7 +213,12 @@ process_metadata (gpointer key,
 
   if (G_VALUE_TYPE(gval) == G_TYPE_STRING)
     {
-      contents = strdup (g_value_get_string (gval));
+      const char *gvals;
+
+      gvals = g_value_get_string (gval);
+      if (NULL == gvals)
+        return;
+      contents = strdup (gvals);
     }
   else
     {
-- 
2.20.1