From patchwork Tue Jul 16 12:47:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 169061 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp810534ilk; Tue, 16 Jul 2019 05:47:55 -0700 (PDT) X-Google-Smtp-Source: APXvYqyjcRUkkdfvyibbElYGjIdJg02I7LXuA4jGytvhN+fCKnWnk7ylCwhET0NHHea3Kn1jzJbA X-Received: by 2002:a63:c24d:: with SMTP id l13mr33808068pgg.330.1563281274639; Tue, 16 Jul 2019 05:47:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563281274; cv=none; d=google.com; s=arc-20160816; b=IxnC6rhZ1SQLQh13Cqz+jozezLdZ1iHalWBRpKMzpyW8eaeq7P4d+S7OxYYqt87vv2 JtEywA4M0sKedyFrLuirvsmlB0CWfTnpTb1NljweiSBUFfBi4zZkZ/v9WPIUKWkpJ4Et DpQG+kNuQvEImfEMus4m5+NQW4MI/KU276i99YZzVd5YeakY9A2clQ/+2ydFuIGTrCCh akBwaOPxcctCoDpfkzqdA+sHDn1oU9ByX0zl18M1uRic5EYF2gdIDz/hlLS/T4/yOvk/ XFaGSuA7FBUmY1EgIka14GX9ajMHiCt4GNFDCFQXAZTIJRQxqVsYAzUAziLrxG4v+yFf L5AQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:delivered-to; bh=5QtYEjLW9RyDm9GPnxOBq9rgywNxiCbn7z7IlHsaFjo=; b=kYcfwnmGwldLQmi4Yy9CA5pzczGBK/tgdhJfH5F8DAKkMj10yEOCnUew7CfRE/yASQ 2wKcoAFH4m08N6agH5oqEcVWEKuAG72NjV89NBeuxlJGtGjkzBmZKyoQF5/XxPQhxht0 4srjj4c/Hl8o94wJbm//k+x+2lA7Amu+o5Wp+NpMd7yXmugz0O4rI6060etRXyVkNia0 mKM8nWRmRcOlFeY2LI3eit+FP3IJJjDXJ/UHFpx4KhQ+HEGKXf7v0nv3cX1V6Dr0s3jN M6wwk2tyz24upT/2+pPLCB5W8ZYhgLWuRpe74meTYZId4U5lrhucitiqv5SZTgwALKUG sOfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=NYEcq1wB; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id f7si18005039pgv.105.2019.07.16.05.47.54; Tue, 16 Jul 2019 05:47:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=NYEcq1wB; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 484047EBE2; Tue, 16 Jul 2019 12:47:45 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mail.openembedded.org (Postfix) with ESMTP id DA93D7E799 for ; Tue, 16 Jul 2019 12:47:43 +0000 (UTC) Received: by mail-wm1-f66.google.com with SMTP id w9so16683277wmd.1 for ; Tue, 16 Jul 2019 05:47:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=EupPyL+MedF6pPqew6L5uPCqrekRVoYgXmCNDPaZmao=; b=NYEcq1wBm3Ze0W8XkYWAp3QBea7mNneguriK0XuSUP2+F9JHH+V7sXcmyOAaFSDbbl 2PdJrRMwIOqGkayISdrHUDvskfI+j90ssmEuaTykBkXPCvJr8QyNUcY8vV/AHpLvKucC eSBw/JIrbTmxnGYyGjYjYECnzv0FogNaNuGnbN6pVO7+7RjVqiUyMzyG15HoLd0u4oGk gjvF7RwZYeLTKxehHXzsdQxmgNFtNEIwzmpAl1Nry6BU9oY8LSU8gp0yJRN0qxTGSpyo k1Rd75bQbEgo5iiSNNW9kCrnYOBKBfRG8ZneyQitICdNPqkJfN6IcVQW6pVA1zNXVxfY btyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=EupPyL+MedF6pPqew6L5uPCqrekRVoYgXmCNDPaZmao=; b=Nfn5Sx+nr503Q9tb5N7BeyyU5fBx96JeoPCpI3XKZ42xfeuHJGxiE39j1zknSFjbBv KLPXtMJDnNnJVh9c3Dx1HHdtelsAgPbjlex1U91xvNzNSoTCECm2Q70nM8g7dY2mHyL0 ON+20sHeUGlE/6af4tOvPOfgWtF3ZUKSHd+eaUYZiSvxl3Herl/VWgAz/j+dnXcaeR7D 3lPwdaF7j8Y3bw5omUbqiFJa9Rz6VzbOtWYTGYdeM3i3YvS2Q+deRIBbgFv6PYXseRlt 3A3rjmO4hmoX/gNoB26dvo2xX4DGHG6Mu0Ad4zPgbQojOWOw5IUsrhS44XWwpLe4g6u9 W3eQ== X-Gm-Message-State: APjAAAUDRswvpkI3BgM/IeEXNgG3o8nryKBouIQ1bXovrX0f+i5Uik8u eitHzmf/m4mh6bJ3ChLHVSRFUAkKfAk= X-Received: by 2002:a1c:f918:: with SMTP id x24mr29410907wmh.132.1563281264289; Tue, 16 Jul 2019 05:47:44 -0700 (PDT) Received: from flashheart.burtonini.com (35.106.2.81.in-addr.arpa. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id o20sm47959960wrh.8.2019.07.16.05.47.43 for (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Tue, 16 Jul 2019 05:47:43 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Date: Tue, 16 Jul 2019 13:47:39 +0100 Message-Id: <20190716124739.22442-1-ross.burton@intel.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [OE-core] [PATCH] libid3tag: handle unknown encodings (CVE-2017-11550) X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org Signed-off-by: Ross Burton --- .../libid3tag/unknown-encoding.patch | 39 +++++++++++++++++++ .../libid3tag/libid3tag_0.15.1b.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch -- 2.20.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch b/meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch new file mode 100644 index 00000000000..f0867b5f01c --- /dev/null +++ b/meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch @@ -0,0 +1,39 @@ +In case of an unknown/invalid encoding, id3_parse_string() will +return NULL, but the return value wasn't checked resulting +in segfault in id3_ucs4_length(). This is the only place +the return value wasn't checked. + +Patch taken from Debian: +https://sources.debian.org/patches/libid3tag/0.15.1b-14/11_unknown_encoding.dpatch/ + +CVE: CVE-2017-11550 +Upstream-Status: Pending +Signed-off-by: Ross Burton + +diff -urNad libid3tag-0.15.1b~/compat.gperf libid3tag-0.15.1b/compat.gperf +--- libid3tag-0.15.1b~/compat.gperf 2004-01-23 09:41:32.000000000 +0000 ++++ libid3tag-0.15.1b/compat.gperf 2007-01-14 14:36:53.000000000 +0000 +@@ -236,6 +236,10 @@ + + encoding = id3_parse_uint(&data, 1); + string = id3_parse_string(&data, end - data, encoding, 0); ++ if (!string) ++ { ++ continue; ++ } + + if (id3_ucs4_length(string) < 4) { + free(string); +diff -urNad libid3tag-0.15.1b~/parse.c libid3tag-0.15.1b/parse.c +--- libid3tag-0.15.1b~/parse.c 2004-01-23 09:41:32.000000000 +0000 ++++ libid3tag-0.15.1b/parse.c 2007-01-14 14:37:34.000000000 +0000 +@@ -165,6 +165,9 @@ + case ID3_FIELD_TEXTENCODING_UTF_8: + ucs4 = id3_utf8_deserialize(ptr, length); + break; ++ default: ++ /* FIXME: Unknown encoding! Print warning? */ ++ return NULL; + } + + if (ucs4 && !full) { diff --git a/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb b/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb index 43edd3fe6a9..0312a610c07 100644 --- a/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb +++ b/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb @@ -14,6 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/mad/libid3tag-${PV}.tar.gz \ file://obsolete_automake_macros.patch \ file://0001-Fix-gperf-3.1-incompatibility.patch \ file://10_utf16.patch \ + file://unknown-encoding.patch \ " UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/" UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P.*)/$"