summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJackie Huang <jackie.huang@windriver.com>2017-08-17 14:44:27 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-08-18 12:35:57 +0100
commitd92877ade8fd4dd9b548c6b664bf4357a1f9428a (patch)
treefa83faaac7541caf1422e6fcb313a5af5064f6ea
parent28404157e07a915d1445166df566c8838f2cce57 (diff)
downloadopenembedded-core-d92877ade8fd4dd9b548c6b664bf4357a1f9428a.tar.gz
openembedded-core-d92877ade8fd4dd9b548c6b664bf4357a1f9428a.tar.bz2
openembedded-core-d92877ade8fd4dd9b548c6b664bf4357a1f9428a.zip
libsndfile1: Fix CVE-2017-8361 and CVE-2017-8365
Backport the patch to fix two CVEs: CVE-2017-8361: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVE-2017-8365: The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-8361 https://nvd.nist.gov/vuln/detail/CVE-2017-8365 Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch73
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb1
2 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch
new file mode 100644
index 0000000000..ac99516bb3
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch
@@ -0,0 +1,73 @@
+From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 12 Apr 2017 19:45:30 +1000
+Subject: [PATCH] FLAC: Fix a buffer read overrun
+
+Buffer read overrun occurs when reading a FLAC file that switches
+from 2 channels to one channel mid-stream. Only option is to
+abort the read.
+
+Closes: https://github.com/erikd/libsndfile/issues/230
+
+CVE: CVE-2017-8361 CVE-2017-8365
+
+Upstream-Status: Backport [https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3]
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ src/common.h | 1 +
+ src/flac.c | 13 +++++++++++++
+ src/sndfile.c | 1 +
+ 3 files changed, 15 insertions(+)
+
+diff --git a/src/common.h b/src/common.h
+index 0bd810c..e2669b6 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -725,6 +725,7 @@ enum
+ SFE_FLAC_INIT_DECODER,
+ SFE_FLAC_LOST_SYNC,
+ SFE_FLAC_BAD_SAMPLE_RATE,
++ SFE_FLAC_CHANNEL_COUNT_CHANGED,
+ SFE_FLAC_UNKOWN_ERROR,
+
+ SFE_WVE_NOT_WVE,
+diff --git a/src/flac.c b/src/flac.c
+index 84de0e2..986a7b8 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
+
+ switch (metadata->type)
+ { case FLAC__METADATA_TYPE_STREAMINFO :
++ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
++ "Nothing to be but to error out.\n" ,
++ psf->sf.channels, metadata->data.stream_info.channels) ;
++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++ return ;
++ } ;
++
++ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
++ "Carrying on as if nothing happened.",
++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
++ } ;
+ psf->sf.channels = metadata->data.stream_info.channels ;
+ psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+ psf->sf.frames = metadata->data.stream_info.total_samples ;
+diff --git a/src/sndfile.c b/src/sndfile.c
+index 4187561..e2a87be 100644
+--- a/src/sndfile.c
++++ b/src/sndfile.c
+@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
+ { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
+ { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
+ { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
+ { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
+
+ { SFE_WVE_NOT_WVE , "Error : not a WVE file." },
+--
+2.7.4
+
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index e6a92a2a41..f80ce2fc99 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -7,6 +7,7 @@ LICENSE = "LGPLv2.1"
SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
file://CVE-2017-6892.patch \
+ file://CVE-2017-8361-8365.patch \
"
SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-19 10:45:41 +0000