diff options
author | Timo Teräs <timo.teras@iki.fi> | 2015-01-30 11:07:10 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2015-01-30 11:07:10 +0200 |
commit | 6285fa299ce16c6502150c257935bfdbc3aaf5d9 (patch) | |
tree | df77ae6cbf7891754d47d12680107951036b7cec | |
parent | b5baa711a9758d453cb33a6e23de7163e5b40c66 (diff) | |
download | aports-6285fa299ce16c6502150c257935bfdbc3aaf5d9.tar.bz2 aports-6285fa299ce16c6502150c257935bfdbc3aaf5d9.tar.xz |
main/sox: security fix for CVE-2014-8145
ref #3822
-rw-r--r-- | main/sox/0001-Check-for-minimum-size-sphere-headers.patch | 28 | ||||
-rw-r--r-- | main/sox/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch | 28 | ||||
-rw-r--r-- | main/sox/APKBUILD | 10 |
3 files changed, 65 insertions, 1 deletions
diff --git a/main/sox/0001-Check-for-minimum-size-sphere-headers.patch b/main/sox/0001-Check-for-minimum-size-sphere-headers.patch new file mode 100644 index 0000000000..f01fec390d --- /dev/null +++ b/main/sox/0001-Check-for-minimum-size-sphere-headers.patch @@ -0,0 +1,28 @@ +From 55e33019afcb3256cccedf606548b86816f6da59 Mon Sep 17 00:00:00 2001 +From: Chris Bagwell <chris@cnpbagwell.com> +Date: Sat, 13 Dec 2014 12:48:37 -0600 +Subject: [PATCH 1/2] Check for minimum size sphere headers + +--- + src/sphere.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/sphere.c b/src/sphere.c +index 479a552..a3fd1c6 100644 +--- a/src/sphere.c ++++ b/src/sphere.c +@@ -47,6 +47,11 @@ static int start_read(sox_format_t * ft) + + /* Determine header size, and allocate a buffer large enough to hold it. */ + sscanf(fldsval, "%lu", &header_size_ul); ++ if (header_size_ul < 16) { ++ lsx_fail_errno(ft, SOX_EHDR, "Error reading Sphere header"); ++ return (SOX_EOF); ++ } ++ + buf = lsx_malloc(header_size = header_size_ul); + + /* Skip what we have read so far */ +-- +2.1.0 + diff --git a/main/sox/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch b/main/sox/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch new file mode 100644 index 0000000000..72c2d765a9 --- /dev/null +++ b/main/sox/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch @@ -0,0 +1,28 @@ +From ebb64cddde59ecc9cedf3741ce2337c72148cc0c Mon Sep 17 00:00:00 2001 +From: Chris Bagwell <chris@cnpbagwell.com> +Date: Sat, 13 Dec 2014 12:49:55 -0600 +Subject: [PATCH 2/2] More checks for invalid MS ADPCM blocks. + +If block doesn't exacty match blockAlign then do not allow +number of samples in invalid size block to ever be more than +what WAV header defined as samplesPerBlock. +--- + src/wav.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/wav.c b/src/wav.c +index 61d5908..5202556 100644 +--- a/src/wav.c ++++ b/src/wav.c +@@ -168,7 +168,7 @@ static unsigned short AdpcmReadBlock(sox_format_t * ft) + /* work with partial blocks. Specs say it should be null */ + /* padded but I guess this is better than trailing quiet. */ + samplesThisBlock = lsx_ms_adpcm_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t)0); +- if (samplesThisBlock == 0) ++ if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock) + { + lsx_warn("Premature EOF on .wav input file"); + return 0; +-- +2.1.0 + diff --git a/main/sox/APKBUILD b/main/sox/APKBUILD index ed392708fd..a50bfc64c3 100644 --- a/main/sox/APKBUILD +++ b/main/sox/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=sox pkgver=14.4.1 -pkgrel=1 +pkgrel=2 pkgdesc="The Swiss Army knife of sound processing tools" url="http://sox.sourceforge.net/" arch="all" @@ -13,6 +13,8 @@ makedepends="ffmpeg-dev libao-dev libvorbis-dev libogg-dev lame-dev depends= subpackages="$pkgname-dev $pkgname-doc" source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.gz + 0001-Check-for-minimum-size-sphere-headers.patch + 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch sox-uclibc.patch " @@ -50,8 +52,14 @@ package() { || return 1 } md5sums="670307f40763490a2bc0d1f322071e7a sox-14.4.1.tar.gz +fd71128112abc7b79d1f7f87d33b2a28 0001-Check-for-minimum-size-sphere-headers.patch +f909976e1ac57a2cf10aaecf29d7abbf 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch b734d72321470f9aaf44464878b1d12f sox-uclibc.patch" sha256sums="9a8c2c6fe51e608da346a157e111508a957af9e3ecf3de26781d36e9a67fa89b sox-14.4.1.tar.gz +0c30b66aca138f90b88332fdd8e7b2235eb85803cf96b4e79f27fbc8d84bc07b 0001-Check-for-minimum-size-sphere-headers.patch +d1de894281ed906214c1606de386ec708efac1bca49a9e8cb8397d3ec6894cc0 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch 0d1447942cf64b0307baa7a16f0a91f553597be187d5c94eadc56d180615717d sox-uclibc.patch" sha512sums="a35c0f424ffaa51d06291e69b28ae7f2248a750fa8aded911dcd7e123877ecb5142c292f943eb723142c50dbd890b58163c6ef24c9c0573377855fad1b36fb25 sox-14.4.1.tar.gz +e0231026de666146ca09598d6113645b52c9f4ced3eaf4e437bff0c1507699463e2f4962d1fd55f97cce5077ed01f2f3abda64cf4d027ce78befa2e818378dfa 0001-Check-for-minimum-size-sphere-headers.patch +2603c995558ff25b67321845b80de3d1f326d374fce0b297ade4a956d5286c49b690b0c30bd2afc19ac5951ff8c203c5b45db9aff59da7cba0252feefb739c12 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch 08c55a0de96733e10544d450f39c2205b4057b9fc024503ec97b1906a075752ee8a4b0a1b4c5bbad2eebec17bcf8d069b22d243a63d28b77c23d545efcca6aec sox-uclibc.patch" |