rev 13349 - in kde-extras/amarok/trunk/debian: . patches

Modestas Vainius modax-guest at alioth.debian.org
Wed Jan 14 19:10:12 UTC 2009 

Author: modax-guest
Date: 2009-01-14 19:10:11 +0000 (Wed, 14 Jan 2009)
New Revision: 13349

Added:
   kde-extras/amarok/trunk/debian/patches/20_security_audible_tags.diff
Modified:
   kde-extras/amarok/trunk/debian/changelog
   kde-extras/amarok/trunk/debian/patches/series
Log:
* Add 20_security_audible_tags.diff patch to fix integer overflow while
  reading audible aa file tags.
* Urgengy high due to security fix.
* New upstream release:
  - [Secunia SA31418] Fixes insecure temporary file creation
    (Closes: #494765).
* Urgency high due to security fix.

Modified: kde-extras/amarok/trunk/debian/changelog
===================================================================
--- kde-extras/amarok/trunk/debian/changelog	2009-01-14 14:41:03 UTC (rev 13348)
+++ kde-extras/amarok/trunk/debian/changelog	2009-01-14 19:10:11 UTC (rev 13349)
@@ -1,3 +1,20 @@
+amarok (1.4.10-2) unstable; urgency=high
+
+  * Add 20_security_audible_tags.diff patch to fix integer overflow while
+    reading audible aa file tags.
+  * Urgengy high due to security fix.
+
+ -- Modestas Vainius <modestas at vainius.eu>  Sat, 10 Jan 2009 13:56:55 +0200
+
+amarok (1.4.10-1) unstable; urgency=high
+
+  * New upstream release:
+    - [Secunia SA31418] Fixes insecure temporary file creation
+      (Closes: #494765).
+  * Urgency high due to security fix.
+
+ -- Modestas Vainius <modestas at vainius.eu>  Thu, 14 Aug 2008 21:35:56 +0300
+
 amarok (1.4.9.1-3) unstable; urgency=low
 
   * Make amarok depend strictly on the same source version of amarok-common (=)

Added: kde-extras/amarok/trunk/debian/patches/20_security_audible_tags.diff
===================================================================
--- kde-extras/amarok/trunk/debian/patches/20_security_audible_tags.diff	                        (rev 0)
+++ kde-extras/amarok/trunk/debian/patches/20_security_audible_tags.diff	2009-01-14 19:10:11 UTC (rev 13349)
@@ -0,0 +1,100 @@
+integer overflow in reading audible aa file tags in amarok 1.x
+and newer.
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,6 +1,9 @@
+ Amarok ChangeLog
+ ================
+-(C) 2002-2007 the Amarok authors.
++(C) 2002-2009 the Amarok authors.
++
++  BUGFIX:
++    * Fix possible buffer overflows when parsing Audible .aa files.
+ 
+ VERSION 1.4.10
+   BUGFIX:
+--- a/amarok/src/metadata/audible/audibletag.cpp
++++ b/amarok/src/metadata/audible/audibletag.cpp
+@@ -71,7 +71,8 @@
+ {
+     char buf[1023];
+     fseek(fp, OFF_PRODUCT_ID, SEEK_SET);
+-    fread(buf, strlen("product_id"), 1, fp);
++    if (fread(buf, strlen("product_id"), 1, fp) != 1)
++        return;
+     if(memcmp(buf, "product_id", strlen("product_id")))
+     {
+         buf[20]='\0';
+@@ -130,24 +131,65 @@
+ 
+ bool Audible::Tag::readTag( FILE *fp, char **name, char **value)
+ {
++    // arbitrary value that has to be smaller than 2^32-1 and that should be large enough for all tags                                                                                         
++    const uint32_t maxtaglen = 100000;    
++
+     uint32_t nlen;
+-    fread(&nlen, sizeof(nlen), 1, fp);
++    if (fread(&nlen, sizeof(nlen), 1, fp) != 1)
++        return false;
+     nlen = ntohl(nlen);
+     //fprintf(stderr, "tagname len=%x\n", (unsigned)nlen);
+-    *name = new char[nlen+1];
+-    (*name)[nlen] = '\0';
++    if (nlen > maxtaglen)
++        return false;
+ 
+     uint32_t vlen;
+-    fread(&vlen, sizeof(vlen), 1, fp);
++    if (fread(&vlen, sizeof(vlen), 1, fp) != 1)
++        return false;
+     vlen = ntohl(vlen);
+     //fprintf(stderr, "tag len=%x\n", (unsigned)vlen);
++    if (vlen > maxtaglen)
++        return false;
++
++    *name = new char[nlen+1];
++    if (!*name)
++        return false;
++        
+     *value = new char[vlen+1];
++    if (!*value)
++    {
++        delete[] *name;
++        *name = 0;
++        return false;
++    }
++
++    (*name)[nlen] = '\0';
+     (*value)[vlen] = '\0';
+ 
+-    fread(*name, nlen, 1, fp);
+-    fread(*value, vlen, 1, fp);
++    if (fread(*name, nlen, 1, fp) != 1)
++    {
++        delete[] *name;
++        *name = 0;
++        delete[] *value;
++        *value = 0;
++        return false;
++    }
++    if (fread(*value, vlen, 1, fp) != 1)
++    {
++        delete[] *name;
++        *name = 0;
++        delete[] *value;
++        *value = 0;
++        return false;
++    }
+     char lasttag;
+-    fread(&lasttag, 1, 1, fp);
++    if (fread(&lasttag, 1, 1, fp) != 1)
++    {
++        delete[] *name;
++        *name = 0;
++        delete[] *value;
++        *value = 0;
++        return false;
++    }
+     //fprintf(stderr, "%s: \"%s\"\n", *name, *value);
+ 
+     m_tagsEndOffset += 2 * 4 + nlen + vlen + 1;

Modified: kde-extras/amarok/trunk/debian/patches/series
===================================================================
--- kde-extras/amarok/trunk/debian/patches/series	2009-01-14 14:41:03 UTC (rev 13348)
+++ kde-extras/amarok/trunk/debian/patches/series	2009-01-14 19:10:11 UTC (rev 13349)
@@ -14,4 +14,5 @@
 17_xiph_audio_mimetypes.diff
 18_add_lastfm_recommended_radio.diff
 19_amarok_play_audiocd.desktop.diff
+20_security_audible_tags.diff
 97_automake_cleanup.diff

More information about the pkg-kde-commits mailing list