diff options
| author | Ross Burton <ross.burton@intel.com> | 2019-07-16 13:47:39 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-17 09:36:35 +0100 |
| commit | ab5a665612622f1106b37d1610ce5126aeabcb4c (patch) | |
| tree | 165e1aa54d31fffdddceaef1c51e31fefb4addb1 /meta/recipes-multimedia | |
| parent | 545858e6a0cc31794c5ad78f515716fb5d1ff757 (diff) | |
| download | poky-ab5a665612622f1106b37d1610ce5126aeabcb4c.tar.gz | |
libid3tag: handle unknown encodings (CVE-2017-11550)
(From OE-Core rev: 5090afc1b07e62f70ebcf63a7abb75b8552f0a52)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia')
| -rw-r--r-- | meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch | 39 | ||||
| -rw-r--r-- | meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb | 1 |
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch b/meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch new file mode 100644 index 0000000000..f0867b5f01 --- /dev/null +++ b/meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch | |||
| @@ -0,0 +1,39 @@ | |||
| 1 | In case of an unknown/invalid encoding, id3_parse_string() will | ||
| 2 | return NULL, but the return value wasn't checked resulting | ||
| 3 | in segfault in id3_ucs4_length(). This is the only place | ||
| 4 | the return value wasn't checked. | ||
| 5 | |||
| 6 | Patch taken from Debian: | ||
| 7 | https://sources.debian.org/patches/libid3tag/0.15.1b-14/11_unknown_encoding.dpatch/ | ||
| 8 | |||
| 9 | CVE: CVE-2017-11550 | ||
| 10 | Upstream-Status: Pending | ||
| 11 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
| 12 | |||
| 13 | diff -urNad libid3tag-0.15.1b~/compat.gperf libid3tag-0.15.1b/compat.gperf | ||
| 14 | --- libid3tag-0.15.1b~/compat.gperf 2004-01-23 09:41:32.000000000 +0000 | ||
| 15 | +++ libid3tag-0.15.1b/compat.gperf 2007-01-14 14:36:53.000000000 +0000 | ||
| 16 | @@ -236,6 +236,10 @@ | ||
| 17 | |||
| 18 | encoding = id3_parse_uint(&data, 1); | ||
| 19 | string = id3_parse_string(&data, end - data, encoding, 0); | ||
| 20 | + if (!string) | ||
| 21 | + { | ||
| 22 | + continue; | ||
| 23 | + } | ||
| 24 | |||
| 25 | if (id3_ucs4_length(string) < 4) { | ||
| 26 | free(string); | ||
| 27 | diff -urNad libid3tag-0.15.1b~/parse.c libid3tag-0.15.1b/parse.c | ||
| 28 | --- libid3tag-0.15.1b~/parse.c 2004-01-23 09:41:32.000000000 +0000 | ||
| 29 | +++ libid3tag-0.15.1b/parse.c 2007-01-14 14:37:34.000000000 +0000 | ||
| 30 | @@ -165,6 +165,9 @@ | ||
| 31 | case ID3_FIELD_TEXTENCODING_UTF_8: | ||
| 32 | ucs4 = id3_utf8_deserialize(ptr, length); | ||
| 33 | break; | ||
| 34 | + default: | ||
| 35 | + /* FIXME: Unknown encoding! Print warning? */ | ||
| 36 | + return NULL; | ||
| 37 | } | ||
| 38 | |||
| 39 | if (ucs4 && !full) { | ||
diff --git a/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb b/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb index 43edd3fe6a..0312a610c0 100644 --- a/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb +++ b/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb | |||
| @@ -14,6 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/mad/libid3tag-${PV}.tar.gz \ | |||
| 14 | file://obsolete_automake_macros.patch \ | 14 | file://obsolete_automake_macros.patch \ |
| 15 | file://0001-Fix-gperf-3.1-incompatibility.patch \ | 15 | file://0001-Fix-gperf-3.1-incompatibility.patch \ |
| 16 | file://10_utf16.patch \ | 16 | file://10_utf16.patch \ |
| 17 | file://unknown-encoding.patch \ | ||
| 17 | " | 18 | " |
| 18 | UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/" | 19 | UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/" |
| 19 | UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P<pver>.*)/$" | 20 | UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P<pver>.*)/$" |