[pkgsrc/trunk]: pkgsrc/audio/mpg123 Fix a buffer overflow by a malicous playl...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c83fcc5ff7f7
branches:  trunk
changeset: 487036:c83fcc5ff7f7
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Fri Jan 07 14:52:13 2005 +0000

description:
Fix a buffer overflow by a malicous playlist (CAN-2004-1284).
Being here, fix a possible problem which was mentioned in conjunction
with CAN-2003-0577 - zero bitrate makes mpg123 assume a negative
frame size.
bump PKGREVISION

diffstat:

 audio/mpg123/Makefile         |   4 ++--
 audio/mpg123/distinfo         |   4 +++-
 audio/mpg123/patches/patch-as |  13 +++++++++++++
 audio/mpg123/patches/patch-at |  17 +++++++++++++++++
 4 files changed, 35 insertions(+), 3 deletions(-)

diffs (66 lines):

diff -r 04b4c32c997d -r c83fcc5ff7f7 audio/mpg123/Makefile
--- a/audio/mpg123/Makefile     Fri Jan 07 13:29:12 2005 +0000
+++ b/audio/mpg123/Makefile     Fri Jan 07 14:52:13 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.37 2004/11/07 08:55:04 tron Exp $
+# $NetBSD: Makefile,v 1.38 2005/01/07 14:52:13 drochner Exp $
 
 PKGNAME=       mpg123-${MPG123_VERSION}
-PKGREVISION=   5
+PKGREVISION=   6
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio
 
 CONFLICTS+=    mpg123-nas-[0-9]*
diff -r 04b4c32c997d -r c83fcc5ff7f7 audio/mpg123/distinfo
--- a/audio/mpg123/distinfo     Fri Jan 07 13:29:12 2005 +0000
+++ b/audio/mpg123/distinfo     Fri Jan 07 14:52:13 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2004/11/07 08:55:04 tron Exp $
+$NetBSD: distinfo,v 1.20 2005/01/07 14:52:13 drochner Exp $
 
 SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493
 Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes
@@ -22,3 +22,5 @@
 SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7
 SHA1 (patch-aq) = a993d815b6657b9a2241b2e3f0ba30d6c2861230
 SHA1 (patch-ar) = 6238d6f2ff3f3abf4fd47bc36edcf6696d76fea4
+SHA1 (patch-as) = 8765b22c556cdc217f6270f3a5e70b40b36b9229
+SHA1 (patch-at) = 9a64a62f7d1d115e3d36dbb0f08762d4b0eb1e2b
diff -r 04b4c32c997d -r c83fcc5ff7f7 audio/mpg123/patches/patch-as
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/mpg123/patches/patch-as     Fri Jan 07 14:52:13 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-as,v 1.1 2005/01/07 14:52:13 drochner Exp $
+
+--- common.c.orig      1999-06-15 23:24:19.000000000 +0200
++++ common.c
+@@ -123,7 +123,7 @@ int head_check(unsigned long head)
+       return FALSE;
+     if(!((head>>17)&3))
+       return FALSE;
+-    if( ((head>>12)&0xf) == 0xf)
++    if( ((head>>12)&0xf) == 0xf || ((head>>12)&0xf) == 0) 
+       return FALSE;
+     if( ((head>>10)&0x3) == 0x3 )
+       return FALSE;
diff -r 04b4c32c997d -r c83fcc5ff7f7 audio/mpg123/patches/patch-at
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/mpg123/patches/patch-at     Fri Jan 07 14:52:13 2005 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-at,v 1.1 2005/01/07 14:52:13 drochner Exp $
+
+--- mpg123.c.orig      2005-01-07 15:18:27.000000000 +0100
++++ mpg123.c
+@@ -309,9 +309,9 @@ char *find_next_file (int argc, char *ar
+                 if (line[0]=='\0' || line[0]=='#')
+                     continue;
+               if ((listnamedir) && (line[0]!='/') && (line[0]!='\\')){
+-                    strcpy (linetmp, listnamedir);
+-                    strcat (linetmp, line);
+-                  strcpy (line, linetmp);
++                    strncpy (linetmp, listnamedir, 1023);
++                    strncat (linetmp, line, 1023 - strlen(linetmp));
++                  strncpy (line, linetmp, 1023);
+                 }
+                 return (line);
+             }