diff options
| -rw-r--r-- | meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch | 34 | ||||
| -rw-r--r-- | meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch new file mode 100644 index 0000000000..4877ba8b53 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From aa8f02729962a0ee5e9864de90871fa821f262be Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Mans Rullgard <mans@mansr.com> | ||
| 3 | Date: Tue, 4 Feb 2020 12:55:18 +0000 | ||
| 4 | Subject: [PATCH] sox-fmt: validate comments_bytes before use (CVE-2019-13590) | ||
| 5 | [bug #325] | ||
| 6 | |||
| 7 | Cap the comments size to 1 GB to avoid overflows in subsequent | ||
| 8 | arithmetic. | ||
| 9 | |||
| 10 | The missing null check mentioned in the bug report is bogus since | ||
| 11 | lsx_calloc() returns a valid pointer or aborts. | ||
| 12 | |||
| 13 | CVE: CVE-2019-13590 | ||
| 14 | Upstream-Status: Backport [https://github.com/mansr/sox/commit/7b6a889217d62ed7e28188621403cc7542fd1f7e] | ||
| 15 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 16 | --- | ||
| 17 | src/sox-fmt.c | 4 +++- | ||
| 18 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
| 19 | |||
| 20 | diff --git a/src/sox-fmt.c b/src/sox-fmt.c | ||
| 21 | index aad965c..11c8877 100644 | ||
| 22 | --- a/src/sox-fmt.c | ||
| 23 | +++ b/src/sox-fmt.c | ||
| 24 | @@ -46,7 +46,9 @@ static int startread(sox_format_t * ft) | ||
| 25 | lsx_readdw(ft, &comments_bytes)) | ||
| 26 | return SOX_EOF; | ||
| 27 | |||
| 28 | - if (((headers_bytes + 4) & 7) || headers_bytes < FIXED_HDR + comments_bytes || | ||
| 29 | + if (((headers_bytes + 4) & 7) || | ||
| 30 | + comments_bytes > 0x40000000 || /* max 1 GB */ | ||
| 31 | + headers_bytes < FIXED_HDR + comments_bytes || | ||
| 32 | (num_channels > 65535)) /* Reserve top 16 bits */ { | ||
| 33 | lsx_fail_errno(ft, SOX_EHDR, "invalid sox file format header"); | ||
| 34 | return SOX_EOF; | ||
diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 917d1db1f7..2eb3adbf97 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb | |||
| @@ -38,6 +38,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ | |||
| 38 | file://CVE-2017-15372.patch \ | 38 | file://CVE-2017-15372.patch \ |
| 39 | file://CVE-2017-15642.patch \ | 39 | file://CVE-2017-15642.patch \ |
| 40 | file://CVE-2017-18189.patch \ | 40 | file://CVE-2017-18189.patch \ |
| 41 | file://CVE-2019-13590.patch \ | ||
| 41 | " | 42 | " |
| 42 | SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" | 43 | SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" |
| 43 | SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c" | 44 | SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c" |
