diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2018-12-04 12:16:29 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-12-04 12:17:12 +0000 |
commit | d25107e8a0abff1db592d5a79b4cd03b670ff905 (patch) | |
tree | e8b4be69ede2c8b278cbb7e801d69c9c375d54c9 /main | |
parent | 76f4b25ec96a95a78534b761f30ecfa79cfe70cc (diff) | |
download | aports-d25107e8a0abff1db592d5a79b4cd03b670ff905.tar.bz2 aports-d25107e8a0abff1db592d5a79b4cd03b670ff905.tar.xz |
main/libao: security fix for CVE-2017-11548
fixes #9208
Diffstat (limited to 'main')
-rw-r--r-- | main/libao/APKBUILD | 13 | ||||
-rw-r--r-- | main/libao/CVE-2017-11548.patch | 177 |
2 files changed, 187 insertions, 3 deletions
diff --git a/main/libao/APKBUILD b/main/libao/APKBUILD index 5ed18e885e..6b7560afc1 100644 --- a/main/libao/APKBUILD +++ b/main/libao/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libao pkgver=1.2.0 -pkgrel=2 +pkgrel=3 pkgdesc="Cross-platform audio output library and plugins" url="http://www.xiph.org/ao" arch="all" @@ -10,7 +10,13 @@ license="GPL-2.0+" subpackages="$pkgname-dev $pkgname-doc" depends="" makedepends="alsa-lib-dev" -source="http://downloads.xiph.org/releases/ao/$pkgname-$pkgver.tar.gz" +source="http://downloads.xiph.org/releases/ao/$pkgname-$pkgver.tar.gz + CVE-2017-11548.patch + " + +# secfixes: +# 1.2.0-r3: +# - CVE-2017-11548 build() { cd "$builddir" @@ -28,4 +34,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="9456953826c188d67129ad78366bb86d6243499f2cd340d20d61366f7e40a33f3f8ab601c7f18ce9e24aa22f898093b482b2415b7e428c1486ef7e5ac27b3ee4 libao-1.2.0.tar.gz" +sha512sums="9456953826c188d67129ad78366bb86d6243499f2cd340d20d61366f7e40a33f3f8ab601c7f18ce9e24aa22f898093b482b2415b7e428c1486ef7e5ac27b3ee4 libao-1.2.0.tar.gz +2108047bf0b17b1a516c6acaa7d373f46f0c8efe8d355c5353abf73ead987b5a3b97a102ebd596113ca8670d303c13922e5cca764c0604971a1ccac4cba770be CVE-2017-11548.patch" diff --git a/main/libao/CVE-2017-11548.patch b/main/libao/CVE-2017-11548.patch new file mode 100644 index 0000000000..6f2aa7a143 --- /dev/null +++ b/main/libao/CVE-2017-11548.patch @@ -0,0 +1,177 @@ +diff --git a/src/audio_out.c b/src/audio_out.c +index bd8f6fc..f5942d6 100644 +--- a/src/audio_out.c ++++ b/src/audio_out.c +@@ -634,6 +634,10 @@ static char *_sanitize_matrix(int maxchannels, char *matrix, ao_device *device){ + char *ret = calloc(strlen(matrix)+1,1); /* can only get smaller */ + char *p=matrix; + int count=0; ++ ++ if(!ret) ++ return NULL; ++ + while(count<maxchannels){ + char *h,*t; + int m=0; +@@ -706,6 +710,15 @@ static int _find_channel(int needle, char *haystack){ + return -1; + } + ++static void _free_map(char **m){ ++ char **in=m; ++ while(m && *m){ ++ free(*m); ++ m++; ++ } ++ if(in)free(in); ++} ++ + static char **_tokenize_matrix(char *matrix){ + char **ret=NULL; + char *p=matrix; +@@ -730,6 +743,8 @@ static char **_tokenize_matrix(char *matrix){ + } + + ret = calloc(count+1,sizeof(*ret)); ++ if(!ret) ++ return NULL; + + p=matrix; + count=0; +@@ -748,6 +763,10 @@ static char **_tokenize_matrix(char *matrix){ + while(t>p && isspace(*(t-1)))t--; + + ret[count] = calloc(t-p+1,1); ++ if(!ret[count]){ ++ _free_map(ret); ++ return NULL; ++ } + memcpy(ret[count],p,t-p); + count++; + if(!*h)break; +@@ -755,16 +774,6 @@ static char **_tokenize_matrix(char *matrix){ + } + + return ret; +- +-} +- +-static void _free_map(char **m){ +- char **in=m; +- while(m && *m){ +- free(*m); +- m++; +- } +- if(in)free(in); + } + + static unsigned int _matrix_to_channelmask(int ch, char *matrix, char *premap, int **mout){ +@@ -772,7 +781,14 @@ static unsigned int _matrix_to_channelmask(int ch, char *matrix, char *premap, i + char *p=matrix; + int *perm=(*mout=malloc(ch*sizeof(*mout))); + int i; +- char **map = _tokenize_matrix(premap); ++ char **map; ++ ++ if(!perm) ++ return 0; ++ ++ map = _tokenize_matrix(premap); ++ if(!map) ++ return 0; + + for(i=0;i<ch;i++) perm[i] = -1; + i=0; +@@ -810,6 +826,9 @@ static char *_channelmask_to_matrix(unsigned int mask, char *premap){ + char buffer[257]={0}; + char **map = _tokenize_matrix(premap); + ++ if(!map) ++ return NULL; ++ + while(map[m]){ + if(mask & (1<<m)){ + if(count) +@@ -849,6 +868,9 @@ static char *_matrix_intersect(char *matrix,char *premap){ + int count=0; + char **map = _tokenize_matrix(premap); + ++ if(!map) ++ return NULL; ++ + while(1){ + char *h=p; + int m=0; +@@ -1039,7 +1061,7 @@ static ao_device* _open_device(int driver_id, ao_sample_format *format, + device->output_matrix, + &device->input_map); + int channels = _channelmask_bits(mask); +- if(channels<0){ ++ if(channels<=0){ + aerror("Unable to map any channels from input matrix to output"); + errno = AO_EBADFORMAT; + goto error; +@@ -1060,7 +1082,7 @@ static ao_device* _open_device(int driver_id, ao_sample_format *format, + device->output_matrix, + &device->input_map); + int channels = _channelmask_bits(mask); +- if(channels<0){ ++ if(channels<=0){ + aerror("Unable to map any channels from input matrix to output"); + errno = AO_EBADFORMAT; + goto error; +@@ -1111,6 +1133,10 @@ static ao_device* _open_device(int driver_id, ao_sample_format *format, + int count=0; + device->inter_permute = calloc(device->output_channels,sizeof(int)); + ++ if (!device->inter_permute) { ++ errno = AO_EFAIL; ++ goto error; ++ } + adebug("\n"); + + while(count<device->output_channels){ +@@ -1157,8 +1183,10 @@ static ao_device* _open_device(int driver_id, ao_sample_format *format, + for(i=0;i<device->output_channels;i++) + if(device->inter_permute[i]==j)break; + if(i==device->output_channels){ +- adebug("input %d (%s)\t -> none\n", +- j,inch[j]); ++ if(inch){ ++ adebug("input %d (%s)\t -> none\n", ++ j,inch[j]); ++ } + unflag=1; + } + } +diff --git a/src/plugins/macosx/ao_macosx.c b/src/plugins/macosx/ao_macosx.c +index a3daf1b..129020d 100644 +--- a/src/plugins/macosx/ao_macosx.c ++++ b/src/plugins/macosx/ao_macosx.c +@@ -594,11 +594,11 @@ int ao_plugin_open(ao_device *device, ao_sample_format *format) + internal->firstValidByteOffset = 0; + internal->validByteCount = 0; + internal->buffer = malloc(internal->bufferByteCount); +- memset(internal->buffer, 0, internal->bufferByteCount); + if (!internal->buffer) { + aerror("Unable to allocate queue buffer.\n"); + return 0; + } ++ memset(internal->buffer, 0, internal->bufferByteCount); + + /* limited to stereo for now */ + //if(!device->output_matrix) +diff --git a/src/plugins/sndio/ao_sndio.c b/src/plugins/sndio/ao_sndio.c +index ec251fb..e23fd47 100644 +--- a/src/plugins/sndio/ao_sndio.c ++++ b/src/plugins/sndio/ao_sndio.c +@@ -67,6 +67,9 @@ int ao_plugin_device_init(ao_device *device) + { + ao_sndio_internal *internal; + internal = (ao_sndio_internal *) calloc(1,sizeof(*internal)); ++ if (internal == NULL) ++ return 0; ++ + internal->id=-1; + device->internal = internal; + device->output_matrix_order = AO_OUTPUT_MATRIX_FIXED; |