You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
1.3 KiB
34 lines
1.3 KiB
14 years ago
|
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
|
||
|
|
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
|
||
|
|
#
|
||
|
|
# Filename: package/.../libid3tag/libid3tag-0.15.1b-CVE-2008-2109.patch
|
||
|
|
# Copyright (C) 2011 The OpenSDE Project
|
||
|
|
#
|
||
|
|
# More information can be found in the files COPYING and README.
|
||
|
|
#
|
||
|
|
# This patch file is dual-licensed. It is available under the license the
|
||
|
|
# patched project is licensed under, as long as it is an OpenSource license
|
||
|
|
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
|
||
|
|
# of the GNU General Public License as published by the Free Software
|
||
|
|
# Foundation; either version 2 of the License, or (at your option) any later
|
||
|
|
# version.
|
||
|
|
# --- SDE-COPYRIGHT-NOTE-END ---
|
||
|
|
|
||
|
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109
|
||
|
|
|
||
|
|
field.c in the libid3tag 0.15.0b library allows context-dependent attackers to
|
||
|
|
cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST
|
||
|
|
field that ends in '\0', which triggers an infinite loop.
|
||
|
|
|
||
|
|
--- libid3tag-0.15.1b/field.c.orig 2011-06-02 22:29:39.028006695 +0200
|
||
|
|
+++ libid3tag-0.15.1b/field.c 2011-06-02 22:30:35.064005391 +0200
|
||
|
|
@@ -291,7 +291,7 @@
|
||
|
|
|
||
|
|
end = *ptr + length;
|
||
|
|
|
||
|
|
- while (end - *ptr > 0) {
|
||
|
|
+ while (end - *ptr > 0 && **ptr != '\0') {
|
||
|
|
ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
|
||
|
|
if (ucs4 == 0)
|
||
|
|
goto fail;
|