Commit
e31e4436
authored
Dec 04, 2018
by
Natanael Copa
1
main/libao: security fix for CVE-2017-11548
fixes
#9210
parent
4f5598e3
Changes
2
Showing
2 changed files
with
187 additions
and
5 deletions
+187
-5
main/libao/APKBUILD
main/libao/APKBUILD
+10
-5
main/libao/CVE-2017-11548.patch
main/libao/CVE-2017-11548.patch
+177
-0
main/libao/APKBUILD
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
libao
pkgver
=
1.2.0
pkgrel
=
1
pkgrel
=
2
pkgdesc
=
"Cross-platform audio output library and plugins"
url
=
"http://www.xiph.org/ao"
arch
=
"all"
...
...
@@ -9,7 +9,13 @@ license="GPL"
subpackages
=
"
$pkgname
-dev
$pkgname
-doc"
depends
=
""
makedepends
=
"alsa-lib-dev"
source
=
"http://downloads.xiph.org/releases/ao/
$pkgname
-
$pkgver
.tar.gz"
source
=
"http://downloads.xiph.org/releases/ao/
$pkgname
-
$pkgver
.tar.gz
CVE-2017-11548.patch
"
# secfixes:
# 1.2.0-r2:
# - CVE-2017-11548
_builddir
=
"
$srcdir
/
$pkgname
-
$pkgver
"
...
...
@@ -34,6 +40,5 @@ package() {
make
DESTDIR
=
"
$pkgdir
"
install
||
return
1
}
md5sums
=
"9f5dd20d7e95fd0dd72df5353829f097 libao-1.2.0.tar.gz"
sha256sums
=
"03ad231ad1f9d64b52474392d63c31197b0bc7bd416e58b1c10a329a5ed89caf libao-1.2.0.tar.gz"
sha512sums
=
"9456953826c188d67129ad78366bb86d6243499f2cd340d20d61366f7e40a33f3f8ab601c7f18ce9e24aa22f898093b482b2415b7e428c1486ef7e5ac27b3ee4 libao-1.2.0.tar.gz"
sha512sums
=
"9456953826c188d67129ad78366bb86d6243499f2cd340d20d61366f7e40a33f3f8ab601c7f18ce9e24aa22f898093b482b2415b7e428c1486ef7e5ac27b3ee4 libao-1.2.0.tar.gz
2108047bf0b17b1a516c6acaa7d373f46f0c8efe8d355c5353abf73ead987b5a3b97a102ebd596113ca8670d303c13922e5cca764c0604971a1ccac4cba770be CVE-2017-11548.patch"
main/libao/CVE-2017-11548.patch
0 → 100644
diff --git a/src/audio_out.c b/src/audio_out.c
index bd8f6fc..f5942d6 100644
--- a/src/audio_out.c
+++ b/src/audio_out.c
@@ -634,6 +634,10 @@
static char *_sanitize_matrix(int maxchannels, char *matrix, ao_device *device){
char *ret = calloc(strlen(matrix)+1,1); /* can only get smaller */
char *p=matrix;
int count=0;
+
+ if(!ret)
+ return NULL;
+
while(count<maxchannels){
char *h,*t;
int m=0;
@@ -706,6 +710,15 @@
static int _find_channel(int needle, char *haystack){
return -1;
}
+static void _free_map(char **m){
+ char **in=m;
+ while(m && *m){
+ free(*m);
+ m++;
+ }
+ if(in)free(in);
+}
+
static char **_tokenize_matrix(char *matrix){
char **ret=NULL;
char *p=matrix;
@@ -730,6 +743,8 @@
static char **_tokenize_matrix(char *matrix){
}
ret = calloc(count+1,sizeof(*ret));
+ if(!ret)
+ return NULL;
p=matrix;
count=0;
@@ -748,6 +763,10 @@
static char **_tokenize_matrix(char *matrix){
while(t>p && isspace(*(t-1)))t--;
ret[count] = calloc(t-p+1,1);
+ if(!ret[count]){
+ _free_map(ret);
+ return NULL;
+ }
memcpy(ret[count],p,t-p);
count++;
if(!*h)break;
@@ -755,16 +774,6 @@
static char **_tokenize_matrix(char *matrix){
}
return ret;
-
-}
-
-static void _free_map(char **m){
- char **in=m;
- while(m && *m){
- free(*m);
- m++;
- }
- if(in)free(in);
}
static unsigned int _matrix_to_channelmask(int ch, char *matrix, char *premap, int **mout){
@@ -772,7 +781,14 @@
static unsigned int _matrix_to_channelmask(int ch, char *matrix, char *premap, i
char *p=matrix;
int *perm=(*mout=malloc(ch*sizeof(*mout)));
int i;
- char **map = _tokenize_matrix(premap);
+ char **map;
+
+ if(!perm)
+ return 0;
+
+ map = _tokenize_matrix(premap);
+ if(!map)
+ return 0;
for(i=0;i<ch;i++) perm[i] = -1;
i=0;
@@ -810,6 +826,9 @@
static char *_channelmask_to_matrix(unsigned int mask, char *premap){
char buffer[257]={0};
char **map = _tokenize_matrix(premap);
+ if(!map)
+ return NULL;
+
while(map[m]){
if(mask & (1<<m)){
if(count)
@@ -849,6 +868,9 @@
static char *_matrix_intersect(char *matrix,char *premap){
int count=0;
char **map = _tokenize_matrix(premap);
+ if(!map)
+ return NULL;
+
while(1){
char *h=p;
int m=0;
@@ -1039,7 +1061,7 @@
static ao_device* _open_device(int driver_id, ao_sample_format *format,
device->output_matrix,
&device->input_map);
int channels = _channelmask_bits(mask);
- if(channels<0){
+ if(channels<=0){
aerror("Unable to map any channels from input matrix to output");
errno = AO_EBADFORMAT;
goto error;
@@ -1060,7 +1082,7 @@
static ao_device* _open_device(int driver_id, ao_sample_format *format,
device->output_matrix,
&device->input_map);
int channels = _channelmask_bits(mask);
- if(channels<0){
+ if(channels<=0){
aerror("Unable to map any channels from input matrix to output");
errno = AO_EBADFORMAT;
goto error;
@@ -1111,6 +1133,10 @@
static ao_device* _open_device(int driver_id, ao_sample_format *format,
int count=0;
device->inter_permute = calloc(device->output_channels,sizeof(int));
+ if (!device->inter_permute) {
+ errno = AO_EFAIL;
+ goto error;
+ }
adebug("\n");
while(count<device->output_channels){
@@ -1157,8 +1183,10 @@
static ao_device* _open_device(int driver_id, ao_sample_format *format,
for(i=0;i<device->output_channels;i++)
if(device->inter_permute[i]==j)break;
if(i==device->output_channels){
- adebug("input %d (%s)\t -> none\n",
- j,inch[j]);
+ if(inch){
+ adebug("input %d (%s)\t -> none\n",
+ j,inch[j]);
+ }
unflag=1;
}
}
diff --git a/src/plugins/macosx/ao_macosx.c b/src/plugins/macosx/ao_macosx.c
index a3daf1b..129020d 100644
--- a/src/plugins/macosx/ao_macosx.c
+++ b/src/plugins/macosx/ao_macosx.c
@@ -594,11 +594,11 @@
int ao_plugin_open(ao_device *device, ao_sample_format *format)
internal->firstValidByteOffset = 0;
internal->validByteCount = 0;
internal->buffer = malloc(internal->bufferByteCount);
- memset(internal->buffer, 0, internal->bufferByteCount);
if (!internal->buffer) {
aerror("Unable to allocate queue buffer.\n");
return 0;
}
+ memset(internal->buffer, 0, internal->bufferByteCount);
/* limited to stereo for now */
//if(!device->output_matrix)
diff --git a/src/plugins/sndio/ao_sndio.c b/src/plugins/sndio/ao_sndio.c
index ec251fb..e23fd47 100644
--- a/src/plugins/sndio/ao_sndio.c
+++ b/src/plugins/sndio/ao_sndio.c
@@ -67,6 +67,9 @@
int ao_plugin_device_init(ao_device *device)
{
ao_sndio_internal *internal;
internal = (ao_sndio_internal *) calloc(1,sizeof(*internal));
+ if (internal == NULL)
+ return 0;
+
internal->id=-1;
device->internal = internal;
device->output_matrix_order = AO_OUTPUT_MATRIX_FIXED;
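Review bot: In the `_matrix_to_channelmask` hunk of src/audio_out.c (`@@ -772,7 +781,14 @@`), the added `if(!map) return 0;` returns after `*mout` has already been pointed at the freshly `malloc`'d `perm`, whose entries are still uninitialised because the `perm[i] = -1` loop only runs afterwards. The caller appears to avoid that array only because a zero mask now fails the `channels<=0` test changed in the two `_open_device` hunks, so the fixes depend on each other without saying so. Releasing the buffer on that path, `if(!map){ free(perm); *mout=NULL; return 0; }`, would keep the failure self-contained; this assumes the caller's error path tolerates a NULL `input_map`, which is not visible here. A short comment on the `channels<=0` checks noting that 0 is also the allocation-failure return would help the next reader. The bodies of both functions extend beyond the hunks shown.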
Natanael Copa
@ncopa
mentioned in issue
#9210 (closed)
·
Jul 12, 2019
mentioned in issue
#9210 (closed)
mentioned in issue #9210