Add mode checks to speex_packet_to_header() to protect applications using
speex library and not having proper checks (CVE-2008-1686, #441239, https://trac.xiph.org/changeset/14701)
This commit is contained in:
thoger
parent
c97e121f3a
commit
95d8d8cf07
21
speex-1.2-CVE-2008-1686.diff
Normal file
21
speex-1.2-CVE-2008-1686.diff
Normal file
@ -0,0 +1,21 @@
|
||||
Patch for CVE-2008-1686, see:
|
||||
https://trac.xiph.org/changeset/14701
|
||||
http://www.ocert.org/advisories/ocert-2008-2.html
|
||||
|
||||
diff -pruN speex-1.2beta2.orig/libspeex/speex_header.c speex-1.2beta2/libspeex/speex_header.c
|
||||
--- speex-1.2beta2.orig/libspeex/speex_header.c 2007-03-18 13:25:09.000000000 +0100
|
||||
+++ speex-1.2beta2/libspeex/speex_header.c 2008-04-15 17:15:18.000000000 +0200
|
||||
@@ -161,6 +161,13 @@ SpeexHeader *speex_packet_to_header(char
|
||||
ENDIAN_SWITCH(le_header->frames_per_packet);
|
||||
ENDIAN_SWITCH(le_header->extra_headers);
|
||||
|
||||
+ if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0)
|
||||
+ {
|
||||
+ speex_warning ("Invalid mode specified in Speex header");
|
||||
+ speex_free (le_header);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
return le_header;
|
||||
|
||||
}
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: A voice compression format (codec)
|
||||
Name: speex
|
||||
Version: 1.2
|
||||
Release: 0.6.beta3
|
||||
Release: 0.7.beta3
|
||||
License: BSD
|
||||
Group: System Environment/Libraries
|
||||
URL: http://www.speex.org/
|
||||
@ -12,6 +12,7 @@ BuildRequires: libogg-devel
|
||||
# don't build unneded test programs, since they seem to cause
|
||||
# build failures
|
||||
Patch0: speex-1.2beta1-test-progs.patch
|
||||
Patch1: speex-1.2-CVE-2008-1686.diff
|
||||
|
||||
%description
|
||||
Speex is a patent-free compression format designed especially for
|
||||
@ -42,6 +43,7 @@ speech. This package contains tools files and user's manual for %{name}.
|
||||
%prep
|
||||
%setup -q -n speex-1.2beta3
|
||||
%patch0 -p1 -b .test-progs
|
||||
%patch1 -p1 -b .CVE-2008-1686
|
||||
chmod a-x README
|
||||
|
||||
%build
|
||||
@ -90,6 +92,11 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man1/speexdec.1*
|
||||
|
||||
%changelog
|
||||
* Tue Apr 15 2008 Tomas Hoger <thoger@redhat.com> - 1.2-0.7.beta3
|
||||
- Security update: Add mode checks to speex_packet_to_header() to protect
|
||||
applications using speex library and not having proper checks
|
||||
(CVE-2008-1686, #441239, https://trac.xiph.org/changeset/14701)
|
||||
|
||||
* Mon Mar 31 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.2-0.6.beta3
|
||||
- 439284 add owner to %{_defaultdocdir}/speex
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user