r1375 - in /unstable/vlc/debian: changelog patches/407-mms-overflow.diff patches/series

xtophe-guest at users.alioth.debian.org xtophe-guest at users.alioth.debian.org
Mon Aug 25 00:12:05 UTC 2008


Author: xtophe-guest
Date: Mon Aug 25 00:12:05 2008
New Revision: 1375

URL: http://svn.debian.org/wsvn/pkg-multimedia/?sc=1&rev=1375
Log:
fix integer overflow in mms

Added:
    unstable/vlc/debian/patches/407-mms-overflow.diff
Modified:
    unstable/vlc/debian/changelog
    unstable/vlc/debian/patches/series

Modified: unstable/vlc/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/changelog?rev=1375&op=diff
==============================================================================
--- unstable/vlc/debian/changelog (original)
+++ unstable/vlc/debian/changelog Mon Aug 25 00:12:05 2008
@@ -1,3 +1,10 @@
+vlc (0.8.6.h-4) unstable; urgency=high
+
+  * Security: Fix integer overflow in mms module
+    (Closes: #496265)(407-mms-overflow.diff taken from upstream)
+
+ -- Christophe Mutricy <xtophe at videolan.org>  Mon, 25 Aug 2008 01:07:27 +0100
+
 vlc (0.8.6.h-3) unstable; urgency=low
 
   * Minor cleanups.

Added: unstable/vlc/debian/patches/407-mms-overflow.diff
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/patches/407-mms-overflow.diff?rev=1375&op=file
==============================================================================
--- unstable/vlc/debian/patches/407-mms-overflow.diff (added)
+++ unstable/vlc/debian/patches/407-mms-overflow.diff Mon Aug 25 00:12:05 2008
@@ -1,0 +1,117 @@
+commit 2947f778df4f440ceeb6f5dc1bdb0e9f5cd31e74
+Author: Rémi Denis-Courmont <rdenis at simphalempin.com>
+Date:   Sun Aug 24 13:18:01 2008 +0300
+
+    MMS integers handling fixes, including buffer overflow
+    
+    Pointed-out-by: Pınar Yanardağ
+    (cherry picked from commit afe3464a1c7c6f9d7640a3f5db17010c34212440)
+    
+    Conflicts:
+    
+    	modules/access/mms/mmstu.c
+
+diff --git a/modules/access/mms/mmstu.c b/modules/access/mms/mmstu.c
+index 61f9e38..df5ec78 100644
+--- a/modules/access/mms/mmstu.c
++++ b/modules/access/mms/mmstu.c
+@@ -28,6 +28,7 @@
+ #include <stdlib.h>
+ #include <vlc/vlc.h>
+ #include <string.h>
++#include <inttypes.h>
+ #include <vlc/input.h>
+ #include <errno.h>
+ 
+@@ -695,7 +696,7 @@ static int MMSOpen( access_t  *p_access, vlc_url_t *p_url, int  i_proto )
+         GetDWLE( p_sys->p_cmd + MMS_CMD_HEADERSIZE + 60 );
+ 
+     msg_Dbg( p_access,
+-             "answer 0x06 flags:0x%8.8x media_length:%us packet_length:%lu packet_count:%u max_bit_rate:%d header_size:%d",
++             "answer 0x06 flags:0x%8.8"PRIx32" media_length:%"PRIu32"s packet_length:%zu packet_count:%"PRIu32" max_bit_rate:%d header_size:%zu",
+              p_sys->i_flags_broadcast,
+              p_sys->i_media_length,
+              p_sys->i_packet_length,
+@@ -749,12 +750,12 @@ static int MMSOpen( access_t  *p_access, vlc_url_t *p_url, int  i_proto )
+         if( p_sys->i_header >= p_sys->i_header_size )
+         {
+             msg_Dbg( p_access,
+-                     "header complete(%d)",
++                     "header complete(%zu)",
+                      p_sys->i_header );
+             break;
+         }
+         msg_Dbg( p_access,
+-                 "header incomplete (%d/%d), reading more",
++                 "header incomplete (%zu/%zu), reading more",
+                  p_sys->i_header,
+                  p_sys->i_header_size );
+     }
+@@ -1128,7 +1129,7 @@ static int NetFillBuffer( access_t *p_access )
+ 
+ static int  mms_ParseCommand( access_t *p_access,
+                               uint8_t *p_data,
+-                              int i_data,
++                              size_t i_data,
+                               int *pi_used )
+ {
+  #define GET32( i_pos ) \
+@@ -1137,7 +1138,7 @@ static int  mms_ParseCommand( access_t *p_access,
+       ( p_sys->p_cmd[i_pos + 3] << 24 ) )
+ 
+     access_sys_t        *p_sys = p_access->p_sys;
+-    int         i_length;
++    uint32_t    i_length;
+     uint32_t    i_id;
+ 
+     if( p_sys->p_cmd )
+@@ -1159,10 +1160,10 @@ static int  mms_ParseCommand( access_t *p_access,
+     i_id =  GetDWLE( p_data + 4 );
+     i_length = GetDWLE( p_data + 8 ) + 16;
+ 
+-    if( i_id != 0xb00bface )
++    if( i_id != 0xb00bface || i_length < 16 )
+     {
+         msg_Err( p_access,
+-                 "incorrect command header (0x%x)", i_id );
++                 "incorrect command header (0x%"PRIx32")", i_id );
+         p_sys->i_command = 0;
+         return -1;
+     }
+@@ -1170,8 +1171,8 @@ static int  mms_ParseCommand( access_t *p_access,
+     if( i_length > p_sys->i_cmd )
+     {
+         msg_Warn( p_access,
+-                  "truncated command (missing %d bytes)",
+-                   i_length - i_data  );
++                  "truncated command (missing %zu bytes)",
++                   (size_t)i_length - i_data  );
+         p_sys->i_command = 0;
+         return -1;
+     }
+diff --git a/modules/access/mms/mmstu.h b/modules/access/mms/mmstu.h
+index b265127..8d41fe7 100644
+--- a/modules/access/mms/mmstu.h
++++ b/modules/access/mms/mmstu.h
+@@ -62,10 +62,10 @@ struct access_sys_t
+     int         i_packet_seq_num;
+ 
+     uint8_t     *p_cmd;     /* latest command read */
+-    int         i_cmd;      /* allocated at the begining */
++    size_t      i_cmd;      /* allocated at the begining */
+ 
+     uint8_t     *p_header;  /* allocated by mms_ReadPacket */
+-    int         i_header;
++    size_t      i_header;
+ 
+     uint8_t     *p_media;   /* allocated by mms_ReadPacket */
+     size_t      i_media;
+@@ -86,7 +86,7 @@ struct access_sys_t
+     size_t      i_packet_length;
+     uint32_t    i_packet_count;
+     int         i_max_bit_rate;
+-    int         i_header_size;
++    size_t      i_header_size;
+ 
+     /* */
+     vlc_bool_t  b_seekable;

Modified: unstable/vlc/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/patches/series?rev=1375&op=diff
==============================================================================
--- unstable/vlc/debian/patches/series (original)
+++ unstable/vlc/debian/patches/series Mon Aug 25 00:12:05 2008
@@ -10,3 +10,4 @@
 401-CVE-2008-2430.diff
 405-CVE-2008-3732.diff
 406-live555-crash.diff
+407-mms-overflow.diff




More information about the pkg-multimedia-commits mailing list