pool/gstreamer-plugins-base
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 703582 from home:mgorse:branches:multimedia:libs

Browse Source 
- Add CVE-2019-9928.patch: fix a heap overflow in the rtsp
  connection parser (boo#1133375 CVE-2019-9928).

OBS-URL: https://build.opensuse.org/request/show/703582
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/gstreamer-plugins-base?expand=0&rev=128
This commit is contained in:
Tomáš Chvátal 2019-05-16 23:23:24 +00:00 committed by Git OBS Bridge
parent 615984d8e0
commit 6ab9d5c3f5
3 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CVE-2019-9928.patch Normal file
View File

@ -0,0 +1,29 @@
From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001
From: Tobias Ronge <tobiasr@axis.com>
Date: Thu, 14 Mar 2019 10:12:27 +0100
Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow
The former code allowed an attacker to create a heap overflow by
sending a longer than allowed session id in a response and including a
semicolon to change the maximum length. With this change, the parser
will never go beyond 512 bytes.
---
gst-libs/gst/rtsp/gstrtspconnection.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c
index a6755bedd..c0429064a 100644
--- a/gst-libs/gst/rtsp/gstrtspconnection.c
+++ b/gst-libs/gst/rtsp/gstrtspconnection.c
@@ -2461,7 +2461,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message,
maxlen = sizeof (conn->session_id) - 1;
/* the sessionid can have attributes marked with ;
* Make sure we strip them */
- for (i = 0; session_id[i] != '\0'; i++) {
+ for (i = 0; i < maxlen && session_id[i] != '\0'; i++) {
if (session_id[i] == ';') {
maxlen = i;
/* parse timeout */
--
2.20.1

6
gstreamer-plugins-base.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu May 16 21:48:14 UTC 2019 - mgorse@suse.com
- Add CVE-2019-9928.patch: fix a heap overflow in the rtsp
connection parser (boo#1133375 CVE-2019-9928).
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 26 07:24:19 UTC 2019 - plater <davejplater@gmail.com> Fri Apr 26 07:24:19 UTC 2019 - plater <davejplater@gmail.com>

4
gstreamer-plugins-base.spec
View File

@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
@ -30,6 +30,8 @@ Source0: https://gstreamer.freedesktop.org/src/gst-plugins-base/%{_name}-
Source1: gstreamer-plugins-base.appdata.xml Source1: gstreamer-plugins-base.appdata.xml
Source2: baselibs.conf Source2: baselibs.conf
Patch0: 0001-id3tag-Correctly-validate-the-year-from-v1-tags-befo.patch Patch0: 0001-id3tag-Correctly-validate-the-year-from-v1-tags-befo.patch
# PATCh-FIX-UPSTREAM CVE-2019-9928.patch boo#1133375 mgorse@suse.com -- fix a heap overflow in the rtsp connection parser.
Patch1: CVE-2019-9928.patch
BuildRequires: Mesa-libGLESv3-devel BuildRequires: Mesa-libGLESv3-devel
BuildRequires: cdparanoia-devel BuildRequires: cdparanoia-devel