fix buffer overflow in aiff (CVE-2017-6892,rhbz#1463328)

This commit is contained in:
Michal Hlavinka 2017-06-21 15:03:53 +02:00
parent 1108fba06f
commit 376b103aa2
2 changed files with 31 additions and 1 deletions

View File

@ -0,0 +1,25 @@
From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Tue, 23 May 2017 20:15:24 +1000
Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
Secunia Advisory SA76717.
Found by: Laurent Delosieres, Secunia Research at Flexera Software
---
src/aiff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/aiff.c b/src/aiff.c
index 5b5f9f53..45864b76 100644
--- a/src/aiff.c
+++ b/src/aiff.c
@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
psf_binheader_readf (psf, "j", dword - bytesread) ;
if (map_info->channel_map != NULL)
- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
free (psf->channel_map) ;

View File

@ -1,7 +1,7 @@
Summary: Library for reading and writing sound files
Name: libsndfile
Version: 1.0.28
Release: 2%{?dist}
Release: 3%{?dist}
License: LGPLv2+ and GPLv2+ and BSD
Group: System Environment/Libraries
URL: http://www.mega-nerd.com/libsndfile/
@ -10,6 +10,7 @@ Patch0: libsndfile-1.0.25-system-gsm.patch
Patch1: libsndfile-1.0.25-zerodivfix.patch
Patch2: revert.patch
Patch3: libsndfile-1.0.28-flacbufovfl.patch
Patch4: libsndfile-1.0.29-cve2017_6892.patch
BuildRequires: alsa-lib-devel
BuildRequires: flac-devel
BuildRequires: libogg-devel
@ -58,6 +59,7 @@ This package contains command line utilities for libsndfile.
%patch1 -p1 -b .zerodivfix
%patch2 -p1 -b .revert
%patch3 -p1 -b .flacbufovfl
%patch4 -p1 -b .cve2017_6892
rm -r src/GSM610
%build
@ -153,6 +155,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%changelog
* Wed Jun 21 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-3
- fix buffer overflow in aiff (CVE-2017-6892,rhbz#1463328)
* Mon Jun 05 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-2
- fix flac and pcm buffer overflows (CVE-2017-8361,CVE-2017-8362,CVE-2017-8363,CVE-2017-8365)