author | rtr <rtr> | 2009-01-14 06:46:53 +0000 |
---|---|---|
committer | rtr <rtr> | 2009-01-14 06:46:53 +0000 |
commit | e818019504a3eb2fb6364f40de19bdc68b54a0a3 (patch) | |
tree | 4c1cfbffe323d834c50ff3abd3e3f7feb5624a4e /audio | |
parent | 4de80b693235698d4dfeb417f284800f701bade6 (diff) | |
pullup ticket #2632 - requested by wiz
amarok: fix possible buffer overflows
revisions pulled up:
pkgsrc/audio/amarok/Makefile 1.69
pkgsrc/audio/amarok/distinfo 1.36
pkgsrc/audio/amarok/patches/patch-ad 1.1
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jan 12 12:33:40 UTC 2009
Modified Files:
pkgsrc/audio/amarok: Makefile distinfo
Added Files:
pkgsrc/audio/amarok/patches: patch-ad
Log Message:
Fix security problem:
* Fix possible buffer overflows when parsing Audible .aa files.
Bump PKGREVISION.
Diffstat (limited to 'audio')
-rw-r--r-- | audio/amarok/Makefile | 3 | ||||
-rw-r--r-- | audio/amarok/distinfo | 3 | ||||
-rw-r--r-- | audio/amarok/patches/patch-ad | 89 |
3 files changed, 93 insertions, 2 deletions
diff --git a/audio/amarok/Makefile b/audio/amarok/Makefile
index a90f6ef5a72..9fbd20c911c 100644
--- a/audio/amarok/Makefile
+++ b/audio/amarok/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.67 2008/08/15 12:52:57 wiz Exp $
+# $NetBSD: Makefile,v 1.67.6.1 2009/01/14 06:46:53 rtr Exp $
 DISTNAME= amarok-${VERSION}
 VERSION= 1.4.10
+PKGREVISION= 1
 CATEGORIES= audio kde
 MASTER_SITES= ${MASTER_SITE_KDE:=amarok/${VERSION}/src/}
 EXTRACT_SUFX= .tar.bz2
diff --git a/audio/amarok/distinfo b/audio/amarok/distinfo
index 4ab46b95654..28b3204be26 100644
--- a/audio/amarok/distinfo
+++ b/audio/amarok/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.35 2008/09/22 05:35:20 wiz Exp $
+$NetBSD: distinfo,v 1.35.4.1 2009/01/14 06:46:53 rtr Exp $
 SHA1 (amarok-1.4.10.tar.bz2) = cb0bebe99c6f4dc1b01601f2f3aee3a86da08fbd
 RMD160 (amarok-1.4.10.tar.bz2) = f86c71dd0459e0cf1ff586cd6de240ca6501cf62
 Size (amarok-1.4.10.tar.bz2) = 12812583 bytes
 SHA1 (patch-aa) = 53316f334f45a8a4780ae71061d528374a75cb5a
 SHA1 (patch-ab) = 91097c1d901fb66c5c8e593005c462b1874f50bf
+SHA1 (patch-ad) = eea8105897ce4cd9d4a086430ec0588125b3517b
diff --git a/audio/amarok/patches/patch-ad b/audio/amarok/patches/patch-ad
new file mode 100644
index 00000000000..9c5059c5a25
--- /dev/null
+++ b/audio/amarok/patches/patch-ad
@@ -0,0 +1,89 @@
+$NetBSD: patch-ad,v 1.1.2.2 2009/01/14 06:46:53 rtr Exp $
+
+Security fix, SVN r908415 from upstream 1.4.x branch.
+
+--- amarok/src/metadata/audible/audibletag.cpp.orig 2008-08-13 23:21:51.000000000 +0200
++++ amarok/src/metadata/audible/audibletag.cpp
+@@ -71,7 +71,8 @@ void Audible::Tag::readTags( FILE *fp )
+ {
+ char buf[1023];
+ fseek(fp, OFF_PRODUCT_ID, SEEK_SET);
+- fread(buf, strlen("product_id"), 1, fp);
++ if (fread(buf, strlen("product_id"), 1, fp) != 1)
++ return;
+ if(memcmp(buf, "product_id", strlen("product_id")))
+ {
+ buf[20]='\0';
+@@ -130,24 +131,65 @@ void Audible::Tag::readTags( FILE *fp )
+
+ bool Audible::Tag::readTag( FILE *fp, char **name, char **value)
+ {
++ // arbitrary value that has to be smaller than 2^32-1 and that should be large enough for all tags
++ const uint32_t maxtaglen = 100000;
++
+ uint32_t nlen;
+- fread(&nlen, sizeof(nlen), 1, fp);
++ if (fread(&nlen, sizeof(nlen), 1, fp) != 1)
++ return false;
+ nlen = ntohl(nlen);
+ //fprintf(stderr, "tagname len=%x\n", (unsigned)nlen);
+- *name = new char[nlen+1];
+- (*name)[nlen] = '\0';
++ if (nlen > maxtaglen)
++ return false;
+
+ uint32_t vlen;
+- fread(&vlen, sizeof(vlen), 1, fp);
++ if (fread(&vlen, sizeof(vlen), 1, fp) != 1)
++ return false;
+ vlen = ntohl(vlen);
+ //fprintf(stderr, "tag len=%x\n", (unsigned)vlen);
++ if (vlen > maxtaglen)
++ return false;
++
++ *name = new char[nlen+1];
++ if (!*name)
++ return false;
++
+ *value = new char[vlen+1];
++ if (!*value)
++ {
++ delete[] *name;
++ *name = 0;
++ return false;
++ }
++
++ (*name)[nlen] = '\0';
+ (*value)[vlen] = '\0';
+
+- fread(*name, nlen, 1, fp);
+- fread(*value, vlen, 1, fp);
++ if (fread(*name, nlen, 1, fp) != 1)
++ {
++ delete[] *name;
++ *name = 0;
++ delete[] *value;
++ *value = 0;
++ return false;
++ }
++ if (fread(*value, vlen, 1, fp) != 1)
++ {
++ delete[] *name;
++ *name = 0;
++ delete[] *value;
++ *value = 0;
++ return false;
++ }
+ char lasttag;
+- fread(&lasttag, 1, 1, fp);
++ if (fread(&lasttag, 1, 1, fp) != 1)
++ {
++ delete[] *name;
++ *name = 0;
++ delete[] *value;
++ *value = 0;
++ return false;
++ }
+ //fprintf(stderr, "%s: \"%s\"\n", *name, *value);
+
+ m_tagsEndOffset += 2 * 4 + nlen + vlen + 1; |
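Review bot: In readTag, the early `return false` paths (a failed length read, `nlen > maxtaglen`, `vlen > maxtaglen`) leave `*name` and `*value` unassigned, while the later failure paths reset both to 0, so a caller that inspects or frees the out-parameters after a false return sees a different state depending on where parsing stopped. Making `*name = 0; *value = 0;` the first statement of the function would make every failure path uniform; the caller sits outside this hunk, so whether it depends on this needs checking there. The `if (!*name)` and `if (!*value)` tests are presumably dead code, because a plain `new char[...]` reports failure by throwing rather than returning null; `new (std::nothrow) char[nlen+1]` would make them meaningful. Separately, `fread(*name, nlen, 1, fp) != 1` is also true when `nlen` is 0 (likewise for `vlen`), so a tag with an empty name or value is now treated as a read error; `if (nlen && fread(*name, nlen, 1, fp) != 1)` avoids that.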