Commit 276b549f authored by Leo

main/gst-plugins-base: fix CVE-2019-9928

parent e5273f82
Pipeline #9740 failed with stages
in 121 minutes and 5 seconds
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gst-plugins-base
pkgver=1.14.4
pkgrel=0
pkgrel=1
pkgdesc="GStreamer Multimedia Framework Base Plugins"
url="https://gstreamer.freedesktop.org"
arch="all"
......@@ -29,10 +29,15 @@ makedepends="
mesa-dev
orc-compiler
"
source="https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-$pkgver.tar.xz"
source="https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-$pkgver.tar.xz
CVE-2019-9928.patch"
ldpath="/usr/lib/gstreamer-1.0"
builddir="$srcdir"/gst-plugins-base-$pkgver
# secfixes:
# 1.14.4-r1:
# - CVE-2019-9928
# sporadic testsuite failures on various archs, testsuite fails with network restricted too
options="!check"
......@@ -69,4 +74,5 @@ doc() {
replaces="${pkgname}1-doc"
}
sha512sums="42c59df9f2d848108f12afa0466acbcfa5ccda64e4d0d44608d4268abed20f2e036713de04e7d71feaed1868ad742c5bcb55ae0eef5dec8e19e053dc8541b8af gst-plugins-base-1.14.4.tar.xz"
sha512sums="42c59df9f2d848108f12afa0466acbcfa5ccda64e4d0d44608d4268abed20f2e036713de04e7d71feaed1868ad742c5bcb55ae0eef5dec8e19e053dc8541b8af gst-plugins-base-1.14.4.tar.xz
064305bced4754b9d916adc97254c1cfd52fd25f5cf31f406f7bebac18bc1e9fc5cdab1ee59e2027d3299c5dbbc6134b6171ee925e7dab3dd134fd130b755e1b CVE-2019-9928.patch"
diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c
index 76ae7d4..81239dc 100644
--- a/gst-libs/gst/rtsp/gstrtspconnection.c
+++ b/gst-libs/gst/rtsp/gstrtspconnection.c
@@ -2128,7 +2128,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message,
maxlen = sizeof (conn->session_id) - 1;
/* the sessionid can have attributes marked with ;
* Make sure we strip them */
- for (i = 0; session_id[i] != '\0'; i++) {
+ for (i = 0; i < maxlen && session_id[i] != '\0'; i++) {
if (session_id[i] == ';') {
maxlen = i;
/* parse timeout */
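Review bot: The added `i < maxlen` condition on the `for` loop ends the scan silently when no `;` appears within the first `sizeof (conn->session_id) - 1` bytes, and nothing in the hunk documents that. In that case the `;` branch is never reached, so a timeout attribute placed after an overlong session id is not parsed, and the id is presumably cut to `maxlen` by the copy that follows. I would extend the existing comment above the loop with `/* never scan past what conn->session_id can hold; a longer id is truncated and its attributes are ignored */`, so the bound is not removed in a later cleanup. The copy into `conn->session_id` and the rest of `build_next` lie outside the hunk, so it is worth confirming there that the buffer is NUL-terminated at `maxlen` on this path.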