93e21d0838
- Added taglib-CVE-2018-11439.patch: Fix an out-of-bounds read when loading invalid ogg flac files (CVE-2018-11439, bsc#1096180). - Applied spec-cleaner to specfile OBS-URL: https://build.opensuse.org/request/show/614493 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/taglib?expand=0&rev=75
42 lines
1.3 KiB
Diff
42 lines
1.3 KiB
Diff
From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001
|
|
From: Scott Gayou <github.scott@gmail.com>
|
|
Date: Mon, 4 Jun 2018 11:34:36 -0400
|
|
Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
|
|
|
|
CVE-2018-11439 is caused by a failure to check the minimum length
|
|
of a ogg flac header. This header is detailed in full at:
|
|
https://xiph.org/flac/ogg_mapping.html. Added more strict checking
|
|
for entire header.
|
|
---
|
|
taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
|
|
1 file changed, 12 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
|
|
index 53d04508a..07ea9dccc 100644
|
|
--- a/taglib/ogg/flac/oggflacfile.cpp
|
|
+++ b/taglib/ogg/flac/oggflacfile.cpp
|
|
@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
|
|
|
|
if(!metadataHeader.startsWith("fLaC")) {
|
|
// FLAC 1.1.2+
|
|
+ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
|
|
+ if(metadataHeader.size() < 13)
|
|
+ return;
|
|
+
|
|
+ if(metadataHeader[0] != 0x7f)
|
|
+ return;
|
|
+
|
|
if(metadataHeader.mid(1, 4) != "FLAC")
|
|
return;
|
|
|
|
- if(metadataHeader[5] != 1)
|
|
- return; // not version 1
|
|
+ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
|
|
+ return; // not version 1.0
|
|
+
|
|
+ if(metadataHeader.mid(9, 4) != "fLaC")
|
|
+ return;
|
|
|
|
metadataHeader = metadataHeader.mid(13);
|
|
}
|