diff options
author | Li Wang <li.wang@windriver.com> | 2022-03-25 13:48:41 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-03 20:49:03 +0100 |
commit | 6e1ca0e922e7aee3eb945c0f04a2ace1c8b36100 (patch) | |
tree | 86997b639cce65aaa581f2c3825cf04f86965ba9 /meta/recipes-multimedia/flac | |
parent | d4cc78784b5ab4d68ef2883653f67da676154d8c (diff) | |
download | poky-6e1ca0e922e7aee3eb945c0f04a2ace1c8b36100.tar.gz |
flac: fix CVE-2021-0561
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is
a possible out of bounds write due to a missing bounds check. This
could lead to local information disclosure with no additional
execution privileges needed. User interaction is not needed for
exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-0561
Upstream patches:
https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be
(From OE-Core rev: 76d5c8d876f78d86e755c12360d41e40154eca0b)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/flac')
-rw-r--r-- | meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch | 41 | ||||
-rw-r--r-- | meta/recipes-multimedia/flac/flac_1.3.3.bb | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch b/meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch new file mode 100644 index 0000000000..b48663ae42 --- /dev/null +++ b/meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | From e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be Mon Sep 17 00:00:00 2001 | ||
2 | From: Neelkamal Semwal <neelkamal.semwal@ittiam.com> | ||
3 | Date: Fri, 18 Dec 2020 22:28:36 +0530 | ||
4 | Subject: [PATCH] libFlac: Exit at EOS in verify mode | ||
5 | |||
6 | When verify mode is enabled, once decoder flags end of stream, | ||
7 | encode processing is considered complete. | ||
8 | |||
9 | CVE-2021-0561 | ||
10 | |||
11 | Signed-off-by: Ralph Giles <giles@thaumas.net> | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | CVE: CVE-2021-0561 | ||
15 | |||
16 | Reference to upstream patch: | ||
17 | https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be | ||
18 | |||
19 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
20 | --- | ||
21 | src/libFLAC/stream_encoder.c | 4 +++- | ||
22 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
23 | |||
24 | diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c | ||
25 | index 74387ec..8bb0ef3 100644 | ||
26 | --- a/src/libFLAC/stream_encoder.c | ||
27 | +++ b/src/libFLAC/stream_encoder.c | ||
28 | @@ -2610,7 +2610,9 @@ FLAC__bool write_bitbuffer_(FLAC__StreamEncoder *encoder, uint32_t samples, FLAC | ||
29 | encoder->private_->verify.needs_magic_hack = true; | ||
30 | } | ||
31 | else { | ||
32 | - if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)) { | ||
33 | + if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder) | ||
34 | + || (!is_last_block | ||
35 | + && (FLAC__stream_encoder_get_verify_decoder_state(encoder) == FLAC__STREAM_DECODER_END_OF_STREAM))) { | ||
36 | FLAC__bitwriter_release_buffer(encoder->private_->frame); | ||
37 | FLAC__bitwriter_clear(encoder->private_->frame); | ||
38 | if(encoder->protected_->state != FLAC__STREAM_ENCODER_VERIFY_MISMATCH_IN_AUDIO_DATA) | ||
39 | -- | ||
40 | 2.23.0 | ||
41 | |||
diff --git a/meta/recipes-multimedia/flac/flac_1.3.3.bb b/meta/recipes-multimedia/flac/flac_1.3.3.bb index cb6692aedf..d3c352cc44 100644 --- a/meta/recipes-multimedia/flac/flac_1.3.3.bb +++ b/meta/recipes-multimedia/flac/flac_1.3.3.bb | |||
@@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \ | |||
15 | DEPENDS = "libogg" | 15 | DEPENDS = "libogg" |
16 | 16 | ||
17 | SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \ | 17 | SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \ |
18 | file://CVE-2021-0561.patch \ | ||
18 | " | 19 | " |
19 | 20 | ||
20 | SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69" | 21 | SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69" |