Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13590
Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2019-13590 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../sox/sox/CVE-2019-13590.patch | 34 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch new file mode 100644 index 0000000000..4877ba8b53 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch @@ -0,0 +1,34 @@ +From aa8f02729962a0ee5e9864de90871fa821f262be Mon Sep 17 00:00:00 2001 +From: Mans Rullgard <[email protected]> +Date: Tue, 4 Feb 2020 12:55:18 +0000 +Subject: [PATCH] sox-fmt: validate comments_bytes before use (CVE-2019-13590) + [bug #325] + +Cap the comments size to 1 GB to avoid overflows in subsequent +arithmetic. + +The missing null check mentioned in the bug report is bogus since +lsx_calloc() returns a valid pointer or aborts. + +CVE: CVE-2019-13590 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/7b6a889217d62ed7e28188621403cc7542fd1f7e] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/sox-fmt.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/sox-fmt.c b/src/sox-fmt.c +index aad965c..11c8877 100644 +--- a/src/sox-fmt.c ++++ b/src/sox-fmt.c +@@ -46,7 +46,9 @@ static int startread(sox_format_t * ft) + lsx_readdw(ft, &comments_bytes)) + return SOX_EOF; + +- if (((headers_bytes + 4) & 7) || headers_bytes < FIXED_HDR + comments_bytes || ++ if (((headers_bytes + 4) & 7) || ++ comments_bytes > 0x40000000 || /* max 1 GB */ ++ headers_bytes < FIXED_HDR + comments_bytes || + (num_channels > 65535)) /* Reserve top 16 bits */ { + lsx_fail_errno(ft, SOX_EHDR, "invalid sox file format header"); + return SOX_EOF; diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 8606eb6c0f..5b47382334 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb @@ -38,6 +38,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-15372.patch \ file://CVE-2017-15642.patch \ file://CVE-2017-18189.patch \ + file://CVE-2019-13590.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123887): https://lists.openembedded.org/g/openembedded-devel/message/123887 Mute This Topic: https://lists.openembedded.org/mt/117467448/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
