From 48c33f4b2e5c620ae17d26fcaf9590db8b2a9fe1 Mon Sep 17 00:00:00 2001 From: simonb Date: Tue, 20 May 2008 13:31:39 +0000 Subject: Check for end-of-string when parsing a stringlist field. Problem and fix originally reported by Kentaro Oda to the mad-dev mailing list. See http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2008-2109 for some more info. --- audio/libid3tag/Makefile | 4 ++-- audio/libid3tag/distinfo | 3 ++- audio/libid3tag/patches/patch-ab | 16 ++++++++++++++++ 3 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 audio/libid3tag/patches/patch-ab (limited to 'audio') diff --git a/audio/libid3tag/Makefile b/audio/libid3tag/Makefile index 8a3c2a97970..6722f5dc150 100644 --- a/audio/libid3tag/Makefile +++ b/audio/libid3tag/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.21 2007/07/01 15:57:16 heinz Exp $ +# $NetBSD: Makefile,v 1.22 2008/05/20 13:31:39 simonb Exp $ # DISTNAME= libid3tag-0.15.1b -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= audio MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mad/} diff --git a/audio/libid3tag/distinfo b/audio/libid3tag/distinfo index 596067dd346..5629064f43d 100644 --- a/audio/libid3tag/distinfo +++ b/audio/libid3tag/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.3 2005/02/23 20:39:47 agc Exp $ +$NetBSD: distinfo,v 1.4 2008/05/20 13:31:39 simonb Exp $ SHA1 (libid3tag-0.15.1b.tar.gz) = 4d867e8a8436e73cd7762fe0e85958e35f1e4306 RMD160 (libid3tag-0.15.1b.tar.gz) = 31a69b8ad7684aefdb675acc8ebf89bd6f432095 Size (libid3tag-0.15.1b.tar.gz) = 338143 bytes SHA1 (patch-aa) = 2103523de3b2703479bba578eb002b33ffff88b0 +SHA1 (patch-ab) = 62325c79206726233ec3e327fb4ac05023252e3f diff --git a/audio/libid3tag/patches/patch-ab b/audio/libid3tag/patches/patch-ab new file mode 100644 index 00000000000..188ab8f7839 --- /dev/null +++ b/audio/libid3tag/patches/patch-ab @@ -0,0 +1,16 @@ +$NetBSD: patch-ab,v 1.1 2008/05/20 13:31:39 simonb Exp $ + +Fix for initite loop bug in libid3tag-0.15.0b. +http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2008-2109 + +--- field.c.orig 2004-01-23 20:41:32.000000000 +1100 ++++ field.c +@@ -291,7 +291,7 @@ int id3_field_parse(union id3_field *fie + + end = *ptr + length; + +- while (end - *ptr > 0) { ++ while (end - *ptr > 0 && **ptr != '\0') { + ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); + if (ucs4 == 0) + goto fail; -- cgit v1.2.3