diff options
Diffstat (limited to 'gnu/packages/patches/soundtouch-CVE-2018-1000223.patch')
-rw-r--r-- | gnu/packages/patches/soundtouch-CVE-2018-1000223.patch | 143 |
1 files changed, 0 insertions, 143 deletions
diff --git a/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch b/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch deleted file mode 100644 index 961a183565..0000000000 --- a/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch +++ /dev/null @@ -1,143 +0,0 @@ -Fix CVE-2018-1000223: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000223 -https://gitlab.com/soundtouch/soundtouch/issues/6 - -Patches copied from upstream source repository: - -https://gitlab.com/soundtouch/soundtouch/commit/9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e -https://gitlab.com/soundtouch/soundtouch/commit/e0240689056e4182fffdc2a16aa6e3425a15e275 -https://gitlab.com/soundtouch/soundtouch/commit/46531e5b92dd80dd9a7947463d6224fc7cb21967 - -From 9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e Mon Sep 17 00:00:00 2001 -From: oparviainen <oparviai@iki.fi> -Date: Sun, 12 Aug 2018 20:24:37 +0300 -Subject: [PATCH] Added minimum size check for WAV header block lengh values - ---- - source/SoundStretch/WavFile.cpp | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp -index 7e7ade2..68818c9 100644 ---- a/source/SoundStretch/WavFile.cpp -+++ b/source/SoundStretch/WavFile.cpp -@@ -530,7 +530,11 @@ int WavInFile::readHeaderBlock() - // read length of the format field - if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1; - // swap byte order if necessary -- _swap32(nLen); // int format_len; -+ _swap32(nLen); -+ -+ // verify that header length isn't smaller than expected -+ if (nLen < sizeof(header.format) - 8) return -1; -+ - header.format.format_len = nLen; - - // calculate how much length differs from expected -@@ -572,6 +576,10 @@ int WavInFile::readHeaderBlock() - if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1; - // swap byte order if necessary - _swap32(nLen); // int fact_len; -+ -+ // verify that fact length isn't smaller than expected -+ if (nLen < sizeof(header.fact) - 8) return -1; -+ - header.fact.fact_len = nLen; - - // calculate how much length differs from expected --- -2.18.0 - -From e0240689056e4182fffdc2a16aa6e3425a15e275 Mon Sep 17 00:00:00 2001 -From: oparviainen <oparviai@iki.fi> -Date: Mon, 13 Aug 2018 19:16:16 +0300 -Subject: [PATCH] Fixed WavFile header/fact not-too-small check - ---- - source/SoundStretch/WavFile.cpp | 22 +++++++++++----------- - 1 file changed, 11 insertions(+), 11 deletions(-) - -diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp -index 4af7a4c..3421bca 100644 ---- a/source/SoundStretch/WavFile.cpp -+++ b/source/SoundStretch/WavFile.cpp -@@ -518,13 +518,13 @@ int WavInFile::readHeaderBlock() - // swap byte order if necessary - _swap32(nLen); - -- // verify that header length isn't smaller than expected -- if (nLen < sizeof(header.format) - 8) return -1; -+ // calculate how much length differs from expected -+ nDump = nLen - ((int)sizeof(header.format) - 8); - -- header.format.format_len = nLen; -+ // verify that header length isn't smaller than expected structure -+ if (nDump < 0) return -1; - -- // calculate how much length differs from expected -- nDump = nLen - ((int)sizeof(header.format) - 8); -+ header.format.format_len = nLen; - - // if format_len is larger than expected, read only as much data as we've space for - if (nDump > 0) -@@ -561,16 +561,16 @@ int WavInFile::readHeaderBlock() - // read length of the fact field - if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1; - // swap byte order if necessary -- _swap32(nLen); // int fact_len; -- -- // verify that fact length isn't smaller than expected -- if (nLen < sizeof(header.fact) - 8) return -1; -- -- header.fact.fact_len = nLen; -+ _swap32(nLen); - - // calculate how much length differs from expected - nDump = nLen - ((int)sizeof(header.fact) - 8); - -+ // verify that fact length isn't smaller than expected structure -+ if (nDump < 0) return -1; -+ -+ header.fact.fact_len = nLen; -+ - // if format_len is larger than expected, read only as much data as we've space for - if (nDump > 0) - { --- -2.18.0 - -From 46531e5b92dd80dd9a7947463d6224fc7cb21967 Mon Sep 17 00:00:00 2001 -From: olli <oparviai@iki.fi> -Date: Mon, 13 Aug 2018 19:42:58 +0300 -Subject: [PATCH] Improved WavFile header/fact not-too-small check - ---- - source/SoundStretch/WavFile.cpp | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp -index 3421bca..9d90b8a 100644 ---- a/source/SoundStretch/WavFile.cpp -+++ b/source/SoundStretch/WavFile.cpp -@@ -522,7 +522,7 @@ int WavInFile::readHeaderBlock() - nDump = nLen - ((int)sizeof(header.format) - 8); - - // verify that header length isn't smaller than expected structure -- if (nDump < 0) return -1; -+ if ((nLen < 0) || (nDump < 0)) return -1; - - header.format.format_len = nLen; - -@@ -567,7 +567,7 @@ int WavInFile::readHeaderBlock() - nDump = nLen - ((int)sizeof(header.fact) - 8); - - // verify that fact length isn't smaller than expected structure -- if (nDump < 0) return -1; -+ if ((nLen < 0) || (nDump < 0)) return -1; - - header.fact.fact_len = nLen; - --- -2.18.0 - |