fix a buffer overflow in mplayer's CDDB parsing code;

http://secunia.com/advisories/24302/

from Brad
robert 2007-06-07 07:28:36 +00:00
parent 1fefbc10d2
commit fe103f439d
2 changed files with 32 additions and 2 deletions


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.118 2007/04/28 11:09:51 kili Exp $
# $OpenBSD: Makefile,v 1.119 2007/06/07 07:28:36 robert Exp $
# May not be hard to add more.
ONLY_FOR_ARCHS= amd64 i386 powerpc sparc64 arm
@ -7,7 +7,7 @@ COMMENT= "Movie player supporting MPEG, DivX, AVI, ASF, MOV & more"
DISTNAME= MPlayer-1.0pre8
DIST_SUBDIR= mplayer
PKGNAME= ${DISTNAME:L}p13
PKGNAME= ${DISTNAME:L}p14
CATEGORIES= x11
EXTRACT_SUFX= .tar.bz2


@ -0,0 +1,30 @@
$OpenBSD: patch-libmpdemux_cddb_c,v 1.3 2007/06/07 07:28:36 robert Exp $
--- libmpdemux/cddb.c.orig Thu Jun 7 09:09:01 2007
+++ libmpdemux/cddb.c Thu Jun 7 09:09:52 2007
@@ -437,7 +437,7 @@ cddb_read_parse(HTTP_header_t *http_hdr, cddb_data_t *
switch(status) {
case 210:
- ret = sscanf( http_hdr->body, "%d %s %08lx", &status, category, &disc_id);
+ ret = sscanf( http_hdr->body, "%d %99s %08lx", &status, category, &disc_id);
if( ret!=3 ) {
mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
return -1;
@@ -498,7 +498,7 @@ cddb_parse_matches_list(HTTP_header_t *http_hdr, cddb_
ptr++;
// We have a list of exact/inexact matches, so which one do we use?
// So let's take the first one.
- ret = sscanf(ptr, "%s %08lx %s", cddb_data->category, &(cddb_data->disc_id), album_title);
+ ret = sscanf(ptr, "%99s %08lx %99s", cddb_data->category, &(cddb_data->disc_id), album_title);
if( ret!=3 ) {
mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
return -1;
@@ -535,7 +535,7 @@ cddb_query_parse(HTTP_header_t *http_hdr, cddb_data_t
switch(status) {
case 200:
// Found exact match
- ret = sscanf(http_hdr->body, "%d %s %08lx %s", &status, cddb_data->category, &(cddb_data->disc_id), album_title);
+ ret = sscanf(http_hdr->body, "%d %99s %08lx %99s", &status, cddb_data->category, &(cddb_data->disc_id), album_title);
if( ret!=4 ) {
mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
return -1;
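Review bot: The `%99s` bounds added to the three `sscanf` calls (in `cddb_read_parse`, `cddb_parse_matches_list` and `cddb_query_parse`) are safe only if `category`, `cddb_data->category` and `album_title` are each at least 100 bytes, and those declarations are outside the hunks, so the literal 99 should be checked against them. A comment at each call such as `/* 99 == sizeof(buffer) - 1; keep in sync with the declarations of category and album_title */` would stop a later buffer resize from silently reintroducing the overflow. An over-long token in the server reply is now split rather than rejected: the leftover characters are handed to the following `%08lx` conversion, so the `ret` check catches most but not every malformed reply. All three function bodies begin and end outside the hunks.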