Takashi Iwai
2ba3b200ab
- Apply various fix patches taken from Debian package; it fixes also other entries (CVE-2022-31650 bsc#1212060 CVE-2023-34318 bsc#1212062 CVE-2023-34432 bsc#1212063): CVE-2019-13590.patch CVE-2021-3643.patch CVE-2021-23159.patch CVE-2021-33844.patch CVE-2021-40426.patch CVE-2022-31650.patch CVE-2022-31651.patch - Fix floating point exception in src/voc.c (CVE-2023-32627 bsc#1212061): CVE-2023-32627.patch OBS-URL: https://build.opensuse.org/request/show/1120234 OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/sox?expand=0&rev=45
34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From 7b6a889217d62ed7e28188621403cc7542fd1f7e Mon Sep 17 00:00:00 2001
|
|
From: Mans Rullgard <mans@mansr.com>
|
|
Date: Tue, 4 Feb 2020 12:55:18 +0000
|
|
Subject: [PATCH] sox-fmt: validate comments_bytes before use (CVE-2019-13590)
|
|
[bug #325]
|
|
|
|
Cap the comments size to 1 GB to avoid overflows in subsequent
|
|
arithmetic.
|
|
|
|
The missing null check mentioned in the bug report is bogus since
|
|
lsx_calloc() returns a valid pointer or aborts.
|
|
---
|
|
src/sox-fmt.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/sox-fmt.c b/src/sox-fmt.c
|
|
index aad965cd..11c88771 100644
|
|
--- a/src/sox-fmt.c
|
|
+++ b/src/sox-fmt.c
|
|
@@ -46,7 +46,9 @@ static int startread(sox_format_t * ft)
|
|
lsx_readdw(ft, &comments_bytes))
|
|
return SOX_EOF;
|
|
|
|
- if (((headers_bytes + 4) & 7) || headers_bytes < FIXED_HDR + comments_bytes ||
|
|
+ if (((headers_bytes + 4) & 7) ||
|
|
+ comments_bytes > 0x40000000 || /* max 1 GB */
|
|
+ headers_bytes < FIXED_HDR + comments_bytes ||
|
|
(num_channels > 65535)) /* Reserve top 16 bits */ {
|
|
lsx_fail_errno(ft, SOX_EHDR, "invalid sox file format header");
|
|
return SOX_EOF;
|
|
--
|
|
2.39.1
|
|
|