authorA. Wilcox <awilcox@wilcox-tech.com>2018-12-08 17:31:33 +0000
committerA. Wilcox <awilcox@wilcox-tech.com>2018-12-08 17:31:33 +0000
commitbde2825df3cba470104d79b5f7dc1c0494d17bfd (patch)
tree1e38116c89741c54efd8b04e2c3b0e472d260591 /user/wavpack/cve2018-19841.patch
parent39af0df5ca8d7acd233d6cc872d184c41fbe6737 (diff)
parenta7d8e4c0862ec2c0309809f30e6d3205971c12b2 (diff)
Merge branch 'secfixes.aerdan.20181206' into 'master'
Security fixes for Perl and WavPack. See merge request !126.
Diffstat (limited to 'user/wavpack/cve2018-19841.patch')
-rw-r--r--user/wavpack/cve2018-19841.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/user/wavpack/cve2018-19841.patch b/user/wavpack/cve2018-19841.patch
new file mode 100644
index 000000000..6872ed91e
--- /dev/null
+++ b/user/wavpack/cve2018-19841.patch
@@ -0,0 +1,29 @@
+From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Thu, 29 Nov 2018 21:53:51 -0800
+Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
+
+---
+ src/open_utils.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/open_utils.c b/src/open_utils.c
+index 80051fc..4fe0d67 100644
+--- a/src/open_utils.c
++++ b/src/open_utils.c
+@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
+ #endif
+
+ if (meta_bc == 4) {
+- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
+ return FALSE;
+ }
+ else {
+ csum ^= csum >> 16;
+
+- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
+ return FALSE;
+ }
+
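Review bot: The indexed reads `dp[1]`..`dp[3]` in the `meta_bc == 4` branch and `dp[1]` in the else branch are only in bounds if `meta_bc` has already been restricted to 2 or 4 and checked against the bytes remaining in the block. That validation is not visible here, because WavpackVerifySingleBlock starts and ends outside the hunk, so it should be confirmed in the patched `src/open_utils.c` before relying on this backport. The fix works by no longer advancing `dp` inside the short-circuited comparison, which suggests the enclosing loop advances it by `meta_bc` afterwards (presumably; not shown). A comment above the comparison would keep a later cleanup from reintroducing the post-increment, for example `/* compare in place: dp is advanced by meta_bc after this block, so never use *dp++ here */`.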