freebsd-ports/audio/libcdaudio/files/patch-CVE-2008-5030.2005-0706
Martin Wilke bf29e3620d - Fix:
Heap-based buffer overflow in the cddb_read_disc_data function in
	cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute
	arbitrary code via long CDDB data.

	Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause
	a denial of service (crash) and possibly execute arbitrary code by
	causing the cddb lookup to return more matches than expected.

PR:		129050
Submitted by:	Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Approved by:	novel@ (maintainer)
Security:	http://www.vuxml.org/freebsd/bd730827-dfe0-11dd-a765-0030843d3802.html
2009-01-11 13:22:40 +00:00


--- src/cddb.c.orig 2004-09-09 05:26:39.000000000 +0400
+++ src/cddb.c 2008-11-21 17:33:50.000000000 +0300
@@ -1052,7 +1052,8 @@
}
query->query_matches = 0;
- while(!cddb_read_line(sock, inbuffer, 256)) {
+ while(query->query_matches < MAX_INEXACT_MATCHES &&
+ !cddb_read_line(sock, inbuffer, 256)) {
slashed = 0;
if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
index = 0;
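Review bot: Once `query->query_matches` reaches `MAX_INEXACT_MATCHES`, the new loop condition short-circuits before `cddb_read_line()` is called, so the rest of the server's match list is left unread on `sock`. If the caller goes on to use the same connection (not visible in this hunk), later reads would pick up those stale lines instead of the reply they expect. Consider keeping the original loop condition and discarding surplus entries at the top of the body, e.g. `if(query->query_matches >= MAX_INEXACT_MATCHES) continue;`, with a short comment that the response is drained but not stored. The loop body continues outside the hunk.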
@@ -1601,7 +1602,7 @@
return -1;
}
- if((inbuffer = malloc(256)) == NULL) {
+ if((inbuffer = malloc(512)) == NULL) {
free(root_dir);
free(file);
return -1;
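Review bot: The allocation is changed to a bare `512`, and nothing in this hunk ties that number to the length later passed when data is read into `inbuffer`. The overflow is only closed while the two values agree, so a future edit to either one could silently reopen it. I would introduce one named constant (a new macro such as `CDDB_READ_BUFSIZE`, name to be chosen) and use it for both the `malloc` and every read length into this buffer, with a comment stating that they must match. The enclosing function starts and ends outside the hunk, so the read calls should be checked against the full file.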
--- src/coverart.c.orig 2008-11-21 17:36:39.000000000 +0300
+++ src/coverart.c 2008-11-21 17:39:41.000000000 +0300
@@ -131,7 +131,9 @@
}
} else if(strncmp(line, "Album", 5) == 0) {
long n = strtol((char *)line + 5, NULL, 10);
- if(parse_disc_artist && strchr(procbuffer, '/') != NULL) {
+ if(n >= MAX_INEXACT_MATCHES) {
+ // Too much data, can't store it
+ } else if(parse_disc_artist && strchr(procbuffer, '/') != NULL) {
strtok(procbuffer, "/");
strncpy(query->query_list[n].list_artist, procbuffer,
(strlen(procbuffer) < 64) ? (strlen(procbuffer) - 1) : 64);
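Review bot: The new guard only rejects `n >= MAX_INEXACT_MATCHES`, but `n` is a signed `long` taken from `strtol()` on the response line, so a negative index still reaches `query->query_list[n]` and writes before the array. The same gap is in the "Url" hunk below, where the test is `if (n < MAX_INEXACT_MATCHES)`. Suggested guards: `if(n < 0 || n >= MAX_INEXACT_MATCHES) {` here and `if (n >= 0 && n < MAX_INEXACT_MATCHES) {` for the URL case. Because `strtol()` is called with a NULL end pointer, a line with no digits also maps to index 0 without notice; passing an `endptr` and rejecting the no-digits case would make that explicit. The `strncpy` call continues past the end of this hunk.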
@@ -143,7 +145,9 @@
}
} else if(strncmp(line, "Url", 3) == 0) {
long n = strtol((char *)line + 3, NULL, 10);
- cddb_process_url(&query->query_list[n].list_host, procbuffer);
+ if (n < MAX_INEXACT_MATCHES) {
+ cddb_process_url(&query->query_list[n].list_host, procbuffer);
+ }
}
return;