pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q4]: pkgsrc/audio/amarok pullup ticket #2632 - requested b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/72dc6b17a2ae
branches:  pkgsrc-2008Q4
changeset: 552228:72dc6b17a2ae
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Wed Jan 14 06:46:53 2009 +0000

description:
pullup ticket #2632 - requested by wiz
amarok: fix possible buffer overflows

revisions pulled up:
pkgsrc/audio/amarok/Makefile            1.69
pkgsrc/audio/amarok/distinfo            1.36
pkgsrc/audio/amarok/patches/patch-ad    1.1

   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Mon Jan 12 12:33:40 UTC 2009

   Modified Files:
           pkgsrc/audio/amarok: Makefile distinfo
   Added Files:
           pkgsrc/audio/amarok/patches: patch-ad

   Log Message:
   Fix security problem:
   * Fix possible buffer overflows when parsing Audible .aa files.

   Bump PKGREVISION.

diffstat:

 audio/amarok/Makefile         |   3 +-
 audio/amarok/distinfo         |   3 +-
 audio/amarok/patches/patch-ad |  89 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 93 insertions(+), 2 deletions(-)

diffs (119 lines):

diff -r fb6920652bdb -r 72dc6b17a2ae audio/amarok/Makefile
--- a/audio/amarok/Makefile     Tue Jan 13 18:46:24 2009 +0000
+++ b/audio/amarok/Makefile     Wed Jan 14 06:46:53 2009 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.67 2008/08/15 12:52:57 wiz Exp $
+# $NetBSD: Makefile,v 1.67.6.1 2009/01/14 06:46:53 rtr Exp $
 
 DISTNAME=              amarok-${VERSION}
 VERSION=               1.4.10
+PKGREVISION=           1
 CATEGORIES=            audio kde
 MASTER_SITES=          ${MASTER_SITE_KDE:=amarok/${VERSION}/src/}
 EXTRACT_SUFX=          .tar.bz2
diff -r fb6920652bdb -r 72dc6b17a2ae audio/amarok/distinfo
--- a/audio/amarok/distinfo     Tue Jan 13 18:46:24 2009 +0000
+++ b/audio/amarok/distinfo     Wed Jan 14 06:46:53 2009 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.35 2008/09/22 05:35:20 wiz Exp $
+$NetBSD: distinfo,v 1.35.4.1 2009/01/14 06:46:53 rtr Exp $
 
 SHA1 (amarok-1.4.10.tar.bz2) = cb0bebe99c6f4dc1b01601f2f3aee3a86da08fbd
 RMD160 (amarok-1.4.10.tar.bz2) = f86c71dd0459e0cf1ff586cd6de240ca6501cf62
 Size (amarok-1.4.10.tar.bz2) = 12812583 bytes
 SHA1 (patch-aa) = 53316f334f45a8a4780ae71061d528374a75cb5a
 SHA1 (patch-ab) = 91097c1d901fb66c5c8e593005c462b1874f50bf
+SHA1 (patch-ad) = eea8105897ce4cd9d4a086430ec0588125b3517b
diff -r fb6920652bdb -r 72dc6b17a2ae audio/amarok/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/amarok/patches/patch-ad     Wed Jan 14 06:46:53 2009 +0000
@@ -0,0 +1,89 @@
+$NetBSD: patch-ad,v 1.1.2.2 2009/01/14 06:46:53 rtr Exp $
+
+Security fix, SVN r908415 from upstream 1.4.x branch.
+
+--- amarok/src/metadata/audible/audibletag.cpp.orig    2008-08-13 23:21:51.000000000 +0200
++++ amarok/src/metadata/audible/audibletag.cpp
+@@ -71,7 +71,8 @@ void Audible::Tag::readTags( FILE *fp )
+ {
+     char buf[1023];
+     fseek(fp, OFF_PRODUCT_ID, SEEK_SET);
+-    fread(buf, strlen("product_id"), 1, fp);
++    if (fread(buf, strlen("product_id"), 1, fp) != 1)
++        return;
+     if(memcmp(buf, "product_id", strlen("product_id")))
+     {
+         buf[20]='\0';
+@@ -130,24 +131,65 @@ void Audible::Tag::readTags( FILE *fp )
+ 
+ bool Audible::Tag::readTag( FILE *fp, char **name, char **value)
+ {
++    // arbitrary value that has to be smaller than 2^32-1 and that should be large enough for all tags                                                                                         
++    const uint32_t maxtaglen = 100000;    
++
+     uint32_t nlen;
+-    fread(&nlen, sizeof(nlen), 1, fp);
++    if (fread(&nlen, sizeof(nlen), 1, fp) != 1)
++        return false;
+     nlen = ntohl(nlen);
+     //fprintf(stderr, "tagname len=%x\n", (unsigned)nlen);
+-    *name = new char[nlen+1];
+-    (*name)[nlen] = '\0';
++    if (nlen > maxtaglen)
++        return false;
+ 
+     uint32_t vlen;
+-    fread(&vlen, sizeof(vlen), 1, fp);
++    if (fread(&vlen, sizeof(vlen), 1, fp) != 1)
++        return false;
+     vlen = ntohl(vlen);
+     //fprintf(stderr, "tag len=%x\n", (unsigned)vlen);
++    if (vlen > maxtaglen)
++        return false;
++
++    *name = new char[nlen+1];
++    if (!*name)
++        return false;
++        
+     *value = new char[vlen+1];
++    if (!*value)
++    {
++        delete[] *name;
++        *name = 0;
++        return false;
++    }
++
++    (*name)[nlen] = '\0';
+     (*value)[vlen] = '\0';
+ 
+-    fread(*name, nlen, 1, fp);
+-    fread(*value, vlen, 1, fp);
++    if (fread(*name, nlen, 1, fp) != 1)
++    {
++        delete[] *name;
++        *name = 0;
++        delete[] *value;
++        *value = 0;
++        return false;
++    }
++    if (fread(*value, vlen, 1, fp) != 1)
++    {
++        delete[] *name;
++        *name = 0;
++        delete[] *value;
++        *value = 0;
++        return false;
++    }
+     char lasttag;
+-    fread(&lasttag, 1, 1, fp);
++    if (fread(&lasttag, 1, 1, fp) != 1)
++    {
++        delete[] *name;
++        *name = 0;
++        delete[] *value;
++        *value = 0;
++        return false;
++    }
+     //fprintf(stderr, "%s: \"%s\"\n", *name, *value);
+ 
+     m_tagsEndOffset += 2 * 4 + nlen + vlen + 1;
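Review bot: In readTag the new checks `if (fread(*name, nlen, 1, fp) != 1)` and `if (fread(*value, vlen, 1, fp) != 1)` also reject a tag whose name or value length is zero, because fread returns 0 when the item size is 0; writing them as `if (nlen && fread(*name, nlen, 1, fp) != 1)` (and the same with vlen) would keep empty tags readable. The `if (!*name)` and `if (!*value)` tests after plain `new char[...]` cannot fire when exceptions are enabled, since that form throws std::bad_alloc rather than returning null; `new (std::nothrow) char[nlen+1]` would make them effective. The `return false` paths ahead of the allocations leave `*name` and `*value` unassigned, so setting both to 0 on entry would be safer if the caller frees them unconditionally, which is not visible here. readTag's body continues past the end of this hunk.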


