Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15370
Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-15370 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../sox/sox/CVE-2017-15370.patch | 29 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15370.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15370.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15370.patch new file mode 100644 index 0000000000..39a18ebd9a --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15370.patch @@ -0,0 +1,29 @@ +From cd7a008958d208345de04c7b6306c79a8a933f32 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard <[email protected]> +Date: Sun, 5 Nov 2017 16:21:23 +0000 +Subject: [PATCH] wav: ima_adpcm: fix buffer overflow on corrupt input + (CVE-2017-15370) + +Add the same check bad block size as was done for MS adpcm in commit +f39c574b ("More checks for invalid MS ADPCM blocks"). + +CVE: CVE-2017-15370 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/ef3d8be0f80cbb650e4766b545d61e10d7a24c9e] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/wav.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/wav.c b/src/wav.c +index eca1cde..fad334c 100644 +--- a/src/wav.c ++++ b/src/wav.c +@@ -127,7 +127,7 @@ static unsigned short ImaAdpcmReadBlock(sox_format_t * ft) + /* work with partial blocks. Specs say it should be null */ + /* padded but I guess this is better than trailing quiet. */ + samplesThisBlock = lsx_ima_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t) 0); +- if (samplesThisBlock == 0) ++ if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock) + { + lsx_warn("Premature EOF on .wav input file"); + return 0; diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 18ce9a95d0..ae5d6d2010 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb @@ -33,6 +33,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-11332.patch \ file://CVE-2017-11358.patch \ file://CVE-2017-11359.patch \ + file://CVE-2017-15370.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123881): https://lists.openembedded.org/g/openembedded-devel/message/123881 Mute This Topic: https://lists.openembedded.org/mt/117467442/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
