user/sox: patch multiple CVEs (#166)

1 files changed, 34 insertions, 0 deletions

diff --git a/user/sox/CVE-2017-15642.patch b/user/sox/CVE-2017-15642.patch
new file mode 100644
index 000000000..95beb4f6f
--- /dev/null
+++ b/user/sox/CVE-2017-15642.patch
@@ -0,0 +1,34 @@
+From f56c0dbca8f5bd02ea88970c248c0d087386e807 Mon Sep 17 00:00:00 2001
+From: Mans Rullgard <mans@mansr.com>
+Date: Mon, 20 Nov 2017 11:03:15 +0000
+Subject: [PATCH] aiff: fix crash on empty comment chunk (CVE-2017-15642)
+
+This fixes a use after free and double free if an empty comment
+chunk follows a non-empty one.
+---
+ src/aiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index 240d2e1f..11ddb542 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -62,7 +62,6 @@ int lsx_aiffstartread(sox_format_t * ft)
+   size_t ssndsize = 0;
+   char *annotation;
+   char *author;
+-  char *comment = NULL;
+   char *copyright;
+   char *nametext;
+ 
+@@ -270,6 +269,7 @@ int lsx_aiffstartread(sox_format_t * ft)
+       free(annotation);
+     }
+     else if (strncmp(buf, "COMT", (size_t)4) == 0) {
++      char *comment = NULL;
+       rc = commentChunk(&comment, "Comment:", ft);
+       if (rc) {
+         /* Fail already called in function */
+-- 
+2.25.0
+