!2 libid3tag: fix CVE-2004-2779
Merge pull request !2 from daidai_is_here/dqw_test2
This commit is contained in:
openeuler-ci-bot
Gitee
commit
3e2056a2a4
38
CVE-2004-2779.patch
Normal file
38
CVE-2004-2779.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From: Karol Babioch <kbabioch@suse.com>
|
||||
Date: Tue Feb 20 17:52:15 CET 2018
|
||||
Upstream: dead
|
||||
References: https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/
|
||||
Subject: Fixes utf16 handling in case of an odd number of bytes
|
||||
|
||||
Fixes id3_utf16_deserialize() in utf16.c, which previously misparsed ID3v2 tags
|
||||
encoded in UTF-16 with an odd number of bytes, triggering an endless loop
|
||||
allocating memory until OOM leading to DoS. (CVE-2004-2779 bsc#1081959
|
||||
CVE-2017-11551 bsc#1081961)
|
||||
|
||||
---
|
||||
utf16.c | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
Index: libid3tag-0.15.1b/utf16.c
|
||||
===================================================================
|
||||
--- libid3tag-0.15.1b.orig/utf16.c
|
||||
+++ libid3tag-0.15.1b/utf16.c
|
||||
@@ -282,5 +282,18 @@ id3_ucs4_t *id3_utf16_deserialize(id3_by
|
||||
|
||||
free(utf16);
|
||||
|
||||
+ if (end == *ptr && length % 2 != 0)
|
||||
+ {
|
||||
+ /* We were called with a bogus length. It should always
|
||||
+ * be an even number. We can deal with this in a few ways:
|
||||
+ * - Always give an error.
|
||||
+ * - Try and parse as much as we can and
|
||||
+ * - return an error if we're called again when we
|
||||
+ * already tried to parse everything we can.
|
||||
+ * - tell that we parsed it, which is what we do here.
|
||||
+ */
|
||||
+ (*ptr)++;
|
||||
+ }
|
||||
+
|
||||
return ucs4;
|
||||
}
|
||||
@ -1,11 +1,12 @@
|
||||
Name: libid3tag
|
||||
Version: 0.15.1b
|
||||
Release: 18
|
||||
Release: 19
|
||||
Summary: ID3 tag manipulation library
|
||||
License: GPLv2+
|
||||
URL: http://www.underbit.com/products/mad/
|
||||
Source0: http://downloads.sourceforge.net/mad/%{name}-%{version}.tar.gz
|
||||
Patch0: libid3tag-0.15.1b-fix_overflow.patch
|
||||
Patch6000: CVE-2004-2779.patch
|
||||
BuildRequires: zlib-devel >= 1.1.4 libtool
|
||||
|
||||
%description
|
||||
@ -22,6 +23,7 @@ ID3 tag library development files.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p0 -b .CVE-2008-2109
|
||||
%patch6000 -p1
|
||||
touch NEWS AUTHORS ChangeLog
|
||||
autoreconf -i -f
|
||||
|
||||
@ -67,5 +69,11 @@ install -Dpm 644 %{name}.pc $RPM_BUILD_ROOT%{_libdir}/pkgconfig/id3tag.pc
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Dec 24 2019 daiqianwen<daiqianwen@huawei.com> - 0.15.1b-19
|
||||
- Type:cves
|
||||
- ID:CVE-2004-2779
|
||||
- SUG:restart
|
||||
- DESC: fix CVE-2004-2779
|
||||
|
||||
* Sat Dec 7 2018 openEuler Buildteam <buildteam@openeuler.org> - 0.15.1b-18
|
||||
- Package init
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user