From aae4e5d456512abdd20804e08bac1cddc95377b1 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Sun, 4 Aug 2019 00:47:38 -0500 Subject: user/taglib: patch for CVE-2017-12678 and CVE-2018-11439 (#150) --- user/taglib/CVE-2018-11439.patch | 42 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 user/taglib/CVE-2018-11439.patch (limited to 'user/taglib/CVE-2018-11439.patch') diff --git a/user/taglib/CVE-2018-11439.patch b/user/taglib/CVE-2018-11439.patch new file mode 100644 index 000000000..20b777e74 --- /dev/null +++ b/user/taglib/CVE-2018-11439.patch @@ -0,0 +1,42 @@ +From 2c4ae870ec086f2ddd21a47861a3709c36faac45 Mon Sep 17 00:00:00 2001 +From: Scott Gayou +Date: Tue, 9 Oct 2018 18:46:55 -0500 +Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868) + (#869) + +CVE-2018-11439 is caused by a failure to check the minimum length +of a ogg flac header. This header is detailed in full at: +https://xiph.org/flac/ogg_mapping.html. Added more strict checking +for entire header. +--- + taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp +index 53d04508a..07ea9dccc 100644 +--- a/taglib/ogg/flac/oggflacfile.cpp ++++ b/taglib/ogg/flac/oggflacfile.cpp +@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan() + + if(!metadataHeader.startsWith("fLaC")) { + // FLAC 1.1.2+ ++ // See https://xiph.org/flac/ogg_mapping.html for the header specification. ++ if(metadataHeader.size() < 13) ++ return; ++ ++ if(metadataHeader[0] != 0x7f) ++ return; ++ + if(metadataHeader.mid(1, 4) != "FLAC") + return; + +- if(metadataHeader[5] != 1) +- return; // not version 1 ++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0) ++ return; // not version 1.0 ++ ++ if(metadataHeader.mid(9, 4) != "fLaC") ++ return; + + metadataHeader = metadataHeader.mid(13); + } -- cgit v1.2.3-60-g2f50