summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorJackie Huang <jackie.huang@windriver.com>2017-08-17 14:44:27 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-08-18 23:46:37 +0100
commit768cd2beff0949bbe1bd07f2dc0d46ba105ca875 (patch)
tree6b525afc62e6b2b33d058d09a8842e631dc1208b /meta
parent0782f4fce2450fbeb40e351b49cc000b00b98aae (diff)
downloadpoky-768cd2beff0949bbe1bd07f2dc0d46ba105ca875.tar.gz
libsndfile1: Fix CVE-2017-8361 and CVE-2017-8365
Backport the patch to fix two CVEs: CVE-2017-8361: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVE-2017-8365: The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-8361 https://nvd.nist.gov/vuln/detail/CVE-2017-8365 (From OE-Core rev: d92877ade8fd4dd9b548c6b664bf4357a1f9428a) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch73
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb1
2 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch
new file mode 100644
index 0000000000..ac99516bb3
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch
@@ -0,0 +1,73 @@
1From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
2From: Erik de Castro Lopo <erikd@mega-nerd.com>
3Date: Wed, 12 Apr 2017 19:45:30 +1000
4Subject: [PATCH] FLAC: Fix a buffer read overrun
5
6Buffer read overrun occurs when reading a FLAC file that switches
7from 2 channels to one channel mid-stream. Only option is to
8abort the read.
9
10Closes: https://github.com/erikd/libsndfile/issues/230
11
12CVE: CVE-2017-8361 CVE-2017-8365
13
14Upstream-Status: Backport [https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3]
15
16Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
17---
18 src/common.h | 1 +
19 src/flac.c | 13 +++++++++++++
20 src/sndfile.c | 1 +
21 3 files changed, 15 insertions(+)
22
23diff --git a/src/common.h b/src/common.h
24index 0bd810c..e2669b6 100644
25--- a/src/common.h
26+++ b/src/common.h
27@@ -725,6 +725,7 @@ enum
28 SFE_FLAC_INIT_DECODER,
29 SFE_FLAC_LOST_SYNC,
30 SFE_FLAC_BAD_SAMPLE_RATE,
31+ SFE_FLAC_CHANNEL_COUNT_CHANGED,
32 SFE_FLAC_UNKOWN_ERROR,
33
34 SFE_WVE_NOT_WVE,
35diff --git a/src/flac.c b/src/flac.c
36index 84de0e2..986a7b8 100644
37--- a/src/flac.c
38+++ b/src/flac.c
39@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
40
41 switch (metadata->type)
42 { case FLAC__METADATA_TYPE_STREAMINFO :
43+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
44+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
45+ "Nothing to be but to error out.\n" ,
46+ psf->sf.channels, metadata->data.stream_info.channels) ;
47+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
48+ return ;
49+ } ;
50+
51+ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
52+ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
53+ "Carrying on as if nothing happened.",
54+ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
55+ } ;
56 psf->sf.channels = metadata->data.stream_info.channels ;
57 psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
58 psf->sf.frames = metadata->data.stream_info.total_samples ;
59diff --git a/src/sndfile.c b/src/sndfile.c
60index 4187561..e2a87be 100644
61--- a/src/sndfile.c
62+++ b/src/sndfile.c
63@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
64 { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
65 { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
66 { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
67+ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
68 { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
69
70 { SFE_WVE_NOT_WVE , "Error : not a WVE file." },
71--
722.7.4
73
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index e6a92a2a41..f80ce2fc99 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -7,6 +7,7 @@ LICENSE = "LGPLv2.1"
7 7
8SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \ 8SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
9 file://CVE-2017-6892.patch \ 9 file://CVE-2017-6892.patch \
10 file://CVE-2017-8361-8365.patch \
10 " 11 "
11 12
12SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c" 13SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"