diff options
author | Jackie Huang <jackie.huang@windriver.com> | 2017-08-17 14:44:29 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-08-18 23:46:38 +0100 |
commit | 3577a8277e151b00e63825f9154f19e91496bbaf (patch) | |
tree | 15c432e22f7a682b0a18e1791ff27516d17a66ae /meta/recipes-multimedia | |
parent | 0bead4042320351d39f81b8cf7281e91c777aa7d (diff) | |
download | poky-3577a8277e151b00e63825f9154f19e91496bbaf.tar.gz |
libsndfile1: Fix CVE-2017-8363
Backport the patch to fix CVE-2017-8363:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8363
(From OE-Core rev: 9cc9956c5ed09f9016cb23bd763652e5ab55f3cd)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia')
-rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8363.patch | 37 | ||||
-rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8363.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8363.patch new file mode 100644 index 0000000000..e526e5a346 --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8363.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From cd7da8dbf6ee4310d21d9e44b385d6797160d9e8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Erik de Castro Lopo <erikd@mega-nerd.com> | ||
3 | Date: Wed, 12 Apr 2017 20:19:34 +1000 | ||
4 | Subject: [PATCH] src/flac.c: Fix another memory leak | ||
5 | |||
6 | When the FLAC decoder was passed a malformed file, the associated | ||
7 | `FLAC__StreamDecoder` object was not getting released. | ||
8 | |||
9 | Closes: https://github.com/erikd/libsndfile/issues/233 | ||
10 | |||
11 | CVE: CVE-2017-8363 | ||
12 | |||
13 | Upstream-Status: Backport [https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8] | ||
14 | |||
15 | Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | ||
16 | --- | ||
17 | src/flac.c | 4 +++- | ||
18 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/src/flac.c b/src/flac.c | ||
21 | index 986a7b8..5a4f8c2 100644 | ||
22 | --- a/src/flac.c | ||
23 | +++ b/src/flac.c | ||
24 | @@ -841,7 +841,9 @@ flac_read_header (SF_PRIVATE *psf) | ||
25 | |||
26 | psf_log_printf (psf, "End\n") ; | ||
27 | |||
28 | - if (psf->error == 0) | ||
29 | + if (psf->error != 0) | ||
30 | + FLAC__stream_decoder_delete (pflac->fsd) ; | ||
31 | + else | ||
32 | { FLAC__uint64 position ; | ||
33 | |||
34 | FLAC__stream_decoder_get_decode_position (pflac->fsd, &position) ; | ||
35 | -- | ||
36 | 2.7.4 | ||
37 | |||
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index 2bd51b1cd9..281ac82e39 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | |||
@@ -9,6 +9,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \ | |||
9 | file://CVE-2017-6892.patch \ | 9 | file://CVE-2017-6892.patch \ |
10 | file://CVE-2017-8361-8365.patch \ | 10 | file://CVE-2017-8361-8365.patch \ |
11 | file://CVE-2017-8362.patch \ | 11 | file://CVE-2017-8362.patch \ |
12 | file://CVE-2017-8363.patch \ | ||
12 | " | 13 | " |
13 | 14 | ||
14 | SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c" | 15 | SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c" |