gstreamer1.0-rtsp-server: fix CVE-2024-44331

Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests. (From OE-Core rev: 3e7b7697ec32b0fa2808efcff4a6bd544261b3fe) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2025-02-07 15:41:13 +0000
committer: Steve Sakoman <steve@sakoman.com> 2025-02-14 06:38:54 -0800
commit: 1430219d5e066830ca12c9cacad514e1ff269ff4 (patch)
tree: d210cd8b2dac2904858a77ddc141c2fdc1974ee7 /meta
parent: f40fb67618936ab0328b5c5bc4b6222b7497824d (diff)
download: poky-1430219d5e066830ca12c9cacad514e1ff269ff4.tar.gz
2 files changed, 47 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch
new file mode 100644
index 0000000000..eea58d3538
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch
@@ -0,0 +1,44 @@
+From aa3e97d67c05d4648ea58c7ff7675e24a81ca72b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 24 Oct 2024 20:12:55 +0300
+Subject: [PATCH] rtsp-server: Remove pointless assertions that can happen if
+ client provides invalid rates
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3731
+Fixes CVE-2024-44331
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7739>
+CVE: CVE-2024-44331
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa3e97d67c05d4648ea58c7ff7675e24a81ca72b]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ gst/rtsp-server/rtsp-media.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+diff --git a/gst/rtsp-server/rtsp-media.c b/gst/rtsp-server/rtsp-media.c
+index 8c62b0d..cbdc9f9 100644
+--- a/gst/rtsp-server/rtsp-media.c
+++ b/gst/rtsp-server/rtsp-media.c
+@@ -2755,15 +2755,13 @@ gst_rtsp_media_get_rates (GstRTSPMedia * media, gdouble * rate,
+           first_stream = FALSE;
+         } else {
+           if (save_rate != *rate || save_applied_rate != *applied_rate) {
+-            /* diffrent rate or applied_rate, weird */
+-            g_assert (FALSE);
+            /* different rate or applied_rate, weird */
+             result = FALSE;
+             break;
+           }
+         }
+       } else {
+-        /* complete stream withot rate and applied_rate, weird */
+-        g_assert (FALSE);
+        /* complete stream without rate and applied_rate, weird */
+         result = FALSE;
+         break;
+       }
+--
+2.40.0
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
index c89c22f334..3cd21e7181 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
@@ -8,7 +8,9 @@ DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base"
 PNREAL = "gst-rtsp-server"
-SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
+SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz \
+           file://CVE-2024-44331.patch \
+          "
 SRC_URI[sha256sum] = "bf6c7871e7cf3528e4ec87ddc2f2949691cd269f98e536482ae744c1405cf451"
author	Archana Polampalli <archana.polampalli@windriver.com>	2025-02-07 15:41:13 +0000
committer	Steve Sakoman <steve@sakoman.com>	2025-02-14 06:38:54 -0800
commit	1430219d5e066830ca12c9cacad514e1ff269ff4 (patch)
tree	d210cd8b2dac2904858a77ddc141c2fdc1974ee7 /meta
parent	f40fb67618936ab0328b5c5bc4b6222b7497824d (diff)
download	poky-1430219d5e066830ca12c9cacad514e1ff269ff4.tar.gz

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch new file mode 100644 index 0000000000..eea58d3538 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch
@@ -0,0 +1,44 @@
		1	From aa3e97d67c05d4648ea58c7ff7675e24a81ca72b Mon Sep 17 00:00:00 2001
		2	From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
		3	Date: Thu, 24 Oct 2024 20:12:55 +0300
		4	Subject: [PATCH] rtsp-server: Remove pointless assertions that can happen if
		5	client provides invalid rates
		6
		7	Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3731
		8	Fixes CVE-2024-44331
		9
		10	Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7739>
		11
		12	CVE: CVE-2024-44331
		13
		14	Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa3e97d67c05d4648ea58c7ff7675e24a81ca72b]
		15
		16	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		17	---
		18	gst/rtsp-server/rtsp-media.c \| 6 ++----
		19	1 file changed, 2 insertions(+), 4 deletions(-)
		20
		21	diff --git a/gst/rtsp-server/rtsp-media.c b/gst/rtsp-server/rtsp-media.c
		22	index 8c62b0d..cbdc9f9 100644
		23	--- a/gst/rtsp-server/rtsp-media.c
		24	+++ b/gst/rtsp-server/rtsp-media.c
		25	@@ -2755,15 +2755,13 @@ gst_rtsp_media_get_rates (GstRTSPMedia * media, gdouble * rate,
		26	first_stream = FALSE;
		27	} else {
		28	if (save_rate != rate \|\| save_applied_rate != applied_rate) {
		29	- /* diffrent rate or applied_rate, weird */
		30	- g_assert (FALSE);
		31	+ /* different rate or applied_rate, weird */
		32	result = FALSE;
		33	break;
		34	}
		35	}
		36	} else {
		37	- /* complete stream withot rate and applied_rate, weird */
		38	- g_assert (FALSE);
		39	+ /* complete stream without rate and applied_rate, weird */
		40	result = FALSE;
		41	break;
		42	}
		43	--
		44	2.40.0


diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb index c89c22f334..3cd21e7181 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
@@ -8,7 +8,9 @@ DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base"
8		8
9	PNREAL = "gst-rtsp-server"	9	PNREAL = "gst-rtsp-server"
10		10
11	SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"	11	SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz \
		12	file://CVE-2024-44331.patch \
		13	"
12		14
13	SRC_URI[sha256sum] = "bf6c7871e7cf3528e4ec87ddc2f2949691cd269f98e536482ae744c1405cf451"	15	SRC_URI[sha256sum] = "bf6c7871e7cf3528e4ec87ddc2f2949691cd269f98e536482ae744c1405cf451"
14		16