diff options
author | A. Wilcox <awilcox@wilcox-tech.com> | 2019-08-04 22:53:11 +0000 |
---|---|---|
committer | A. Wilcox <awilcox@wilcox-tech.com> | 2019-08-04 22:53:11 +0000 |
commit | 2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9 (patch) | |
tree | c99a2ff0b1366a5f6bb2d61b13916acb3012cea6 /user/libid3tag/CVE-2004-2779.patch | |
parent | 8410df6cbcf43832292026f4487ca2642be5cf15 (diff) | |
parent | 3c0917832c46ca76601c4e2e7388c4570bfbcb86 (diff) | |
download | packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.gz packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.bz2 packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.xz packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.zip |
Merge branch 'cves' into 'master'
CVE catch up, part one
See merge request adelie/packages!307
Diffstat (limited to 'user/libid3tag/CVE-2004-2779.patch')
-rw-r--r-- | user/libid3tag/CVE-2004-2779.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/user/libid3tag/CVE-2004-2779.patch b/user/libid3tag/CVE-2004-2779.patch new file mode 100644 index 000000000..b7e1e2280 --- /dev/null +++ b/user/libid3tag/CVE-2004-2779.patch @@ -0,0 +1,32 @@ +Lifted from Debian: +https://sources.debian.org/patches/libid3tag/0.15.1b-14/10_utf16.dpatch/ + +Also fixes: + +CVE-2008-2109 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480187#12 +CVE-2017-11551 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870333#10 + +Handle bogus UTF16 sequences that have a length that is not +an even number of 8 bit characters. + +--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100 ++++ libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100 +@@ -282,5 +282,18 @@ + + free(utf16); + ++ if (end == *ptr && length % 2 != 0) ++ { ++ /* We were called with a bogus length. It should always ++ * be an even number. We can deal with this in a few ways: ++ * - Always give an error. ++ * - Try and parse as much as we can and ++ * - return an error if we're called again when we ++ * already tried to parse everything we can. ++ * - tell that we parsed it, which is what we do here. ++ */ ++ (*ptr)++; ++ } ++ + return ucs4; + } |