authorsimonb <simonb>2008-05-20 13:31:39 +0000
committersimonb <simonb>2008-05-20 13:31:39 +0000
commit48c33f4b2e5c620ae17d26fcaf9590db8b2a9fe1 (patch)
tree0a6109ddbc6b8f85ebe63cd74bb0512450273f69 /audio
parent4ebd37b664260e89c340c156d75e265481f56389 (diff)
downloadpkgsrc-48c33f4b2e5c620ae17d26fcaf9590db8b2a9fe1.tar.gz
Check for end-of-string when parsing a stringlist field.
Problem and fix originally reported by Kentaro Oda to the mad-dev mailing list. See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109 for some more info.
Diffstat (limited to 'audio')
-rw-r--r--audio/libid3tag/Makefile4
-rw-r--r--audio/libid3tag/distinfo3
-rw-r--r--audio/libid3tag/patches/patch-ab16
3 files changed, 20 insertions, 3 deletions
diff --git a/audio/libid3tag/Makefile b/audio/libid3tag/Makefile
index 8a3c2a97970..6722f5dc150 100644
--- a/audio/libid3tag/Makefile
+++ b/audio/libid3tag/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2007/07/01 15:57:16 heinz Exp $
+# $NetBSD: Makefile,v 1.22 2008/05/20 13:31:39 simonb Exp $
#
DISTNAME= libid3tag-0.15.1b
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= audio
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mad/}
diff --git a/audio/libid3tag/distinfo b/audio/libid3tag/distinfo
index 596067dd346..5629064f43d 100644
--- a/audio/libid3tag/distinfo
+++ b/audio/libid3tag/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2005/02/23 20:39:47 agc Exp $
+$NetBSD: distinfo,v 1.4 2008/05/20 13:31:39 simonb Exp $
SHA1 (libid3tag-0.15.1b.tar.gz) = 4d867e8a8436e73cd7762fe0e85958e35f1e4306
RMD160 (libid3tag-0.15.1b.tar.gz) = 31a69b8ad7684aefdb675acc8ebf89bd6f432095
Size (libid3tag-0.15.1b.tar.gz) = 338143 bytes
SHA1 (patch-aa) = 2103523de3b2703479bba578eb002b33ffff88b0
+SHA1 (patch-ab) = 62325c79206726233ec3e327fb4ac05023252e3f
diff --git a/audio/libid3tag/patches/patch-ab b/audio/libid3tag/patches/patch-ab
new file mode 100644
index 00000000000..188ab8f7839
--- /dev/null
+++ b/audio/libid3tag/patches/patch-ab
@@ -0,0 +1,16 @@
+$NetBSD: patch-ab,v 1.1 2008/05/20 13:31:39 simonb Exp $
+
+Fix for initite loop bug in libid3tag-0.15.0b.
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2008-2109
+
+--- field.c.orig 2004-01-23 20:41:32.000000000 +1100
++++ field.c
+@@ -291,7 +291,7 @@ int id3_field_parse(union id3_field *fie
+
+ end = *ptr + length;
+
+- while (end - *ptr > 0) {
++ while (end - *ptr > 0 && **ptr != '\0') {
+ ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ if (ucs4 == 0)
+ goto fail;
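Review bot: The guard added in `while (end - *ptr > 0 && **ptr != '\0')` inspects a single byte regardless of `*encoding`, and termination still depends on `id3_parse_string` advancing `*ptr`, which the loop never verifies. If `*encoding` selects a two-byte encoding, a zero first byte is not necessarily a terminator, so parsing may stop before later list entries, and any other input on which the parser consumes nothing would still spin; both points are inferred, since `id3_parse_string` is not visible here. A progress check would make termination independent of the parser: save the cursor before the call with `id3_byte_t const *start = *ptr;` and put `if (*ptr == start) break;` at the end of the loop body, after the parsed string has been stored. The patch header comment should also read `infinite loop`, name the version given in DISTNAME (`0.15.1b`, not `0.15.0b`), and drop the stray `3D` from the CVE URL. The body of `id3_field_parse`, including the rest of this loop, lies outside the hunk.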