kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/audio/libcdaudio/files/patch-CVE-2008-5030.2005-0706

46 lines
1.6 KiB
Text
Raw Normal View History

Cleanup patches, a* categories. Rename them to follow the make makepatch naming, and regenerate them. With hat: portmgr Sponsored by: Absolight
2016-07-26 18:51:15 +02:00
--- src/cddb.c.orig 2004-09-09 01:26:39 UTC
+++ src/cddb.c
@@ -1052,7 +1052,8 @@ cddb_query(int cd_desc, int sock,
- Fix: Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute arbitrary code via long CDDB data. Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected. PR: 129050 Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Approved by: novel@ (maintainer) Security: http://www.vuxml.org/freebsd/bd730827-dfe0-11dd-a765-0030843d3802.html
2009-01-11 14:22:40 +01:00
}
query->query_matches = 0;
- while(!cddb_read_line(sock, inbuffer, 256)) {
+ while(query->query_matches < MAX_INEXACT_MATCHES &&
+ !cddb_read_line(sock, inbuffer, 256)) {
slashed = 0;
if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
index = 0;
Cleanup patches, a* categories. Rename them to follow the make makepatch naming, and regenerate them. With hat: portmgr Sponsored by: Absolight
2016-07-26 18:51:15 +02:00
@@ -1601,7 +1602,7 @@ cddb_read_disc_data(int cd_desc, struct
- Fix: Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute arbitrary code via long CDDB data. Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected. PR: 129050 Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Approved by: novel@ (maintainer) Security: http://www.vuxml.org/freebsd/bd730827-dfe0-11dd-a765-0030843d3802.html
2009-01-11 14:22:40 +01:00
return -1;
}
- if((inbuffer = malloc(256)) == NULL) {
+ if((inbuffer = malloc(512)) == NULL) {
free(root_dir);
free(file);
return -1;
Cleanup patches, a* categories. Rename them to follow the make makepatch naming, and regenerate them. With hat: portmgr Sponsored by: Absolight
2016-07-26 18:51:15 +02:00
--- src/coverart.c.orig 2003-02-12 17:56:55 UTC
+++ src/coverart.c
@@ -131,7 +131,9 @@ coverart_process_line(char *line, struct
- Fix: Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute arbitrary code via long CDDB data. Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected. PR: 129050 Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Approved by: novel@ (maintainer) Security: http://www.vuxml.org/freebsd/bd730827-dfe0-11dd-a765-0030843d3802.html
2009-01-11 14:22:40 +01:00
}
} else if(strncmp(line, "Album", 5) == 0) {
long n = strtol((char *)line + 5, NULL, 10);
- if(parse_disc_artist && strchr(procbuffer, '/') != NULL) {
+ if(n >= MAX_INEXACT_MATCHES) {
+ // Too much data, can't store it
+ } else if(parse_disc_artist && strchr(procbuffer, '/') != NULL) {
strtok(procbuffer, "/");
strncpy(query->query_list[n].list_artist, procbuffer,
(strlen(procbuffer) < 64) ? (strlen(procbuffer) - 1) : 64);
Cleanup patches, a* categories. Rename them to follow the make makepatch naming, and regenerate them. With hat: portmgr Sponsored by: Absolight
2016-07-26 18:51:15 +02:00
@@ -143,7 +145,9 @@ coverart_process_line(char *line, struct
- Fix: Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute arbitrary code via long CDDB data. Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected. PR: 129050 Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Approved by: novel@ (maintainer) Security: http://www.vuxml.org/freebsd/bd730827-dfe0-11dd-a765-0030843d3802.html
2009-01-11 14:22:40 +01:00
}
} else if(strncmp(line, "Url", 3) == 0) {
long n = strtol((char *)line + 3, NULL, 10);
- cddb_process_url(&query->query_list[n].list_host, procbuffer);
+ if (n < MAX_INEXACT_MATCHES) {
+ cddb_process_url(&query->query_list[n].list_host, procbuffer);
+ }
}
return;
Reference in a new issue Copy permalink