Commit a22f0e86 authored by Pavlov Konstantin's avatar Pavlov Konstantin

Contrib: fix CVE-2008-2109 for libid3tag.

parent 3033a3df
...@@ -559,6 +559,7 @@ libid3tag-$(LIBID3TAG_VERSION).tar.gz: ...@@ -559,6 +559,7 @@ libid3tag-$(LIBID3TAG_VERSION).tar.gz:
libid3tag: libid3tag-$(LIBID3TAG_VERSION).tar.gz libid3tag: libid3tag-$(LIBID3TAG_VERSION).tar.gz
$(EXTRACT_GZ) $(EXTRACT_GZ)
patch -d libid3tag -p0 < Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch
.id3tag: libid3tag .id3tag: libid3tag
(cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) && make && make install) (cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) && make && make install)
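Review bot: If the added `patch` step fails, the extracted `libid3tag` directory stays on disk, so a later `make` run will most likely treat the `libid3tag` target as up to date and `.id3tag` will build the unpatched source. Removing the tree on failure closes that gap, for example `patch -d libid3tag -p0 < Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch || (rm -rf $@; false)`. Trees that were extracted before this commit are not re-patched by these rules either, so a comment above the rule such as `# CVE-2008-2109: remove libid3tag and .id3tag to pick up the fix` would help people with an existing contrib build. The `.id3tag` rule continues outside the hunk.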
......
*** field.c 2003-04-19 09:14:33.000000000 +0900
--- field-patched.c 2008-01-13 16:08:22.000000000 +0900
***************
*** 291,297 ****
end = *ptr + length;
! while (end - *ptr > 0) {
ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
if (ucs4 == 0)
goto fail;
--- 291,297 ----
end = *ptr + length;
! while (end - *ptr > 0 && **ptr != '\0') {
ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
if (ucs4 == 0)
goto fail;
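Review bot: The new loop condition `**ptr != '\0'` tests a single byte, which is a terminator test only for one-byte encodings; with a 16-bit encoding the first byte of a valid character can be zero, so a string list may be cut short, and a trailing non-zero byte is not covered by the guard. Whether id3_parse_string can still return without advancing `*ptr` is not visible in this hunk, so that part is inferred. A progress check inside the loop would bound it regardless of encoding: save `start = *ptr` before the call and add `if (*ptr == start) goto fail;` after it. The enclosing function starts and ends outside the hunk.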