From 8663f54222504fa217df288cd58199821be801d5f839d2824046a65925162e5c Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Tue, 3 Sep 2019 09:54:25 +0000
Subject: [PATCH] - Add CVE-2019-15757.patch [boo#1148728]

OBS-URL: https://build.opensuse.org/package/show/filesystems/libmirage?expand=0&rev=55
---
 CVE-2019-15757.patch | 24 ++++++++++++++++++++++++
 libmirage.changes    |  5 +++++
 libmirage.spec       |  1 +
 3 files changed, 30 insertions(+)
 create mode 100644 CVE-2019-15757.patch

diff --git a/CVE-2019-15757.patch b/CVE-2019-15757.patch
new file mode 100644
index 0000000..cf9d37d
--- /dev/null
+++ b/CVE-2019-15757.patch
@@ -0,0 +1,24 @@
+Origin: https://gist.github.com/andreafioraldi/343d9ba64060b548c02362a5e61ec932
+
+---
+ images/image-nrg/parser.c |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+Index: libmirage-3.2.2/images/image-nrg/parser.c
+===================================================================
+--- a/libmirage-3.2.2.orig/images/image-nrg/parser.c
++++ b/libmirage-3.2.2/images/image-nrg/parser.c
+@@ -987,6 +987,13 @@ static MirageDisc *mirage_parser_nrg_loa
+     /* Set CD-ROM as default medium type, will be changed accordingly if there
+        is a MTYP block provided */
+     mirage_disc_set_medium_type(self->priv->disc, MIRAGE_MEDIUM_CD);
++    /* Length integrity check */
++    if (self->priv->nrg_data_length == 0) {
++        MIRAGE_DEBUG(self, MIRAGE_DEBUG_WARNING, "%s: rg_data_length must be greater than 0!\n", __debug__);
++        g_set_error(error, MIRAGE_ERROR, MIRAGE_ERROR_IMAGE_FILE_ERROR, Q_("nrg_data_length must be greater than 0!"));
++        succeeded = FALSE;
++        goto end;
++    }
+ 
+     /* Read descriptor data */
+     self->priv->nrg_data = g_malloc(self->priv->nrg_data_length);
diff --git a/libmirage.changes b/libmirage.changes
index 4bde7eb..7dca4b2 100644
--- a/libmirage.changes
+++ b/libmirage.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Sep  3 09:53:55 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Add CVE-2019-15757.patch [boo#1148728]
+
 -------------------------------------------------------------------
 Mon Aug 26 08:28:33 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
 
diff --git a/libmirage.spec b/libmirage.spec
index 402d2b1..d873790 100644
--- a/libmirage.spec
+++ b/libmirage.spec
@@ -30,6 +30,7 @@ URL:            http://cdemu.sf.net/about/libmirage/
 Source:         https://downloads.sf.net/cdemu/%name-%version.tar.bz2
 Patch1:         0001-libMirage-CSO-filter-validate-part-size.patch
 Patch2:         0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch
+Patch3:         CVE-2019-15757.patch
 BuildRequires:  cmake >= 2.8.5
 BuildRequires:  intltool >= 0.21
 BuildRequires:  pkg-config >= 0.16