1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-25 04:43:33 +00:00

Add upstream patches for

CVE-2014-8962: Heap buffer read overflow
CVE-2014-9028: Heap buffer write overflow

Security:	a33addf6-74e6-11e4-a615-f8b156b6dcc8
This commit is contained in:
Christian Weisgerber 2014-11-25 21:40:17 +00:00
parent a3e895402b
commit e3d2d609db
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=373432
2 changed files with 33 additions and 1 deletions

View File

@ -3,7 +3,7 @@
PORTNAME= flac
PORTVERSION= 1.3.0
PORTREVISION= 2
PORTREVISION= 3
CATEGORIES= audio
MASTER_SITES= http://downloads.xiph.org/releases/flac/

View File

@ -0,0 +1,32 @@
--- src/libFLAC/stream_decoder.c.orig 2013-05-26 09:30:33 UTC
+++ src/libFLAC/stream_decoder.c
@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC
*
***********************************************************************/
-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
/***********************************************************************
*
@@ -1365,6 +1365,10 @@ FLAC__bool find_metadata_(FLAC__StreamDe
id = 0;
continue;
}
+
+ if(id >= 3)
+ return false;
+
if(x == ID3V2_TAG_[id]) {
id++;
i = 0;
@@ -2705,7 +2709,8 @@ FLAC__bool read_residual_partitioned_ric
if(decoder->private_->frame.header.blocksize < predictor_order) {
send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
- return true;
+ /* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
+ return false;
}
}
else {