Security fixes for FLAC:

CVE-2014-8962: Heap buffer read overflow when processing ID3V2 metadata CVE-2014-9028: Heap buffer write overflow in read_residual_partitioned_rice_
2014-11-25 20:42:18 +00:00 · 2014-11-25 20:42:18 +00:00 · df78af0d14
commit df78af0d14
parent 63d45df97c
4 changed files with 43 additions and 5 deletions
--- a/audio/flac/Makefile
+++ b/audio/flac/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.44 2013/07/18 15:10:55 naddy Exp $
+# $OpenBSD: Makefile,v 1.45 2014/11/25 20:42:18 naddy Exp $

 COMMENT=	free lossless audio codec

 DISTNAME=	flac-1.3.0
-REVISION=	0
+REVISION=	1
 CATEGORIES=	audio archivers
 HOMEPAGE=	https://www.xiph.org/flac/
 SHARED_LIBS +=  FLAC                 10.0     # 11.0
--- a/audio/flac/patches/patch-src_libFLAC_stream_decoder_c
+++ b/audio/flac/patches/patch-src_libFLAC_stream_decoder_c
@ -0,0 +1,37 @@
+$OpenBSD: patch-src_libFLAC_stream_decoder_c,v 1.1 2014/11/25 20:42:18 naddy Exp $
+
+CVE-2014-8962: Heap buffer read overflow when processing ID3V2 metadata
+CVE-2014-9028: Heap buffer write overflow in read_residual_partitioned_rice_ 
+
+--- src/libFLAC/stream_decoder.c.orig	Sun May 26 11:30:33 2013
+++ src/libFLAC/stream_decoder.c	Tue Nov 25 20:58:16 2014
+@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
+  *
+  ***********************************************************************/
+ 
+-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+ 
+ /***********************************************************************
+  *
+@@ -1365,6 +1365,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder
+ 			id = 0;
+ 			continue;
+ 		}
+
+		if(id >= 3)
+			return false;
+
+ 		if(x == ID3V2_TAG_[id]) {
+ 			id++;
+ 			i = 0;
+@@ -2705,7 +2709,8 @@ FLAC__bool read_residual_partitioned_rice_(FLAC__Strea
+ 		if(decoder->private_->frame.header.blocksize < predictor_order) {
+ 			send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
+ 			decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
+-			return true;
+			/* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
+			return false;
+ 		}
+ 	}
+ 	else {
--- a/devel/quirks/Makefile
+++ b/devel/quirks/Makefile
@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.194 2014/11/07 08:52:25 ratchov Exp $
+# $OpenBSD: Makefile,v 1.195 2014/11/25 20:42:18 naddy Exp $

 COMMENT =	exceptions to pkg_add rules
 CATEGORIES =	devel databases
 DISTFILES =

 # API.rev
-PKGNAME =	quirks-2.40
+PKGNAME =	quirks-2.41
 PKG_ARCH =	*
 MAINTAINER =	Marc Espie <espie@openbsd.org>

--- a/devel/quirks/files/Quirks.pm
+++ b/devel/quirks/files/Quirks.pm
@ -1,7 +1,7 @@
 #! /usr/bin/perl

 # ex:ts=8 sw=4:
-# $OpenBSD: Quirks.pm,v 1.200 2014/11/07 08:52:25 ratchov Exp $
+# $OpenBSD: Quirks.pm,v 1.201 2014/11/25 20:42:18 naddy Exp $
 #
 # Copyright (c) 2009 Marc Espie <espie@openbsd.org>
 #
@ -568,6 +568,7 @@ my $cve = {
 	'www/cherokee,-ldap' => 'cherokee-ldap-<1.2.101p6',
 	'shells/bash' => 'bash-<4.3.27',
 	'www/drupal7/core' => 'drupal->=7.0,<7.32',
+	'audio/flac' => 'flac-<1.3.0p1',
 };

 # ->check_security($path)