Contrib: fix CVE-2008-2109 for libid3tag.
authorPavlov Konstantin <thresh@videolan.org>
Fri, 16 May 2008 22:23:51 +0000 (02:23 +0400)
committerPavlov Konstantin <thresh@videolan.org>
Fri, 16 May 2008 22:23:51 +0000 (02:23 +0400)
extras/contrib/src/Makefile
extras/contrib/src/Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch [new file with mode: 0644]

index 57d1f92f561731ebe53d1d03a27c1271d9108bbf..d51e7ddc056d02fe1af892786e40da9004ed2d72 100644 (file)
@@ -568,6 +568,7 @@ libid3tag-$(LIBID3TAG_VERSION).tar.gz:
 
 libid3tag: libid3tag-$(LIBID3TAG_VERSION).tar.gz
        $(EXTRACT_GZ)
+       patch -d libid3tag -p0 < Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch
 
 .id3tag: libid3tag
        (cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) && make && make install)
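Review bot: If the added `patch` line fails (a rejected hunk or a missing patch file), the freshly extracted `libid3tag` directory stays in place, so a later run may treat the target as up to date and build the unpatched, still-vulnerable source. How `$(EXTRACT_GZ)` stamps the directory is not visible here, so this is inferred; removing the tree on failure would close the gap: `patch -d $@ -p0 < Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch || (rm -rf $@; false)`. The patch name also pins 0.15.1b while the tarball follows `$(LIBID3TAG_VERSION)`, so a comment above the line such as `# CVE-2008-2109 fix for 0.15.1b; re-check when LIBID3TAG_VERSION changes` would help at the next version bump.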
diff --git a/extras/contrib/src/Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch b/extras/contrib/src/Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch
new file mode 100644 (file)
index 0000000..7e0b003
--- /dev/null
@@ -0,0 +1,19 @@
+*** field.c    2003-04-19 09:14:33.000000000 +0900
+--- field-patched.c    2008-01-13 16:08:22.000000000 +0900
+***************
+*** 291,297 ****
+
+        end = *ptr + length;
+
+!       while (end - *ptr > 0) {
+       ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+       if (ucs4 == 0)
+         goto fail;
+--- 291,297 ----
+
+        end = *ptr + length;
+
+!       while (end - *ptr > 0 && **ptr != '\0') {
+       ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+       if (ucs4 == 0)
+         goto fail;
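Review bot: The new condition `**ptr != '\0'` tests a single byte whatever `*encoding` is, yet `*encoding` is passed to `id3_parse_string` on the next line. With a two-byte encoding a zero first byte may belong to a valid character, in which case the rest of the string list would be dropped. That fails safe, since the loop ends early instead of spinning, but it deserves a comment in the patched source, e.g. `/* stop at NUL: a trailing '\0' kept this loop from terminating (CVE-2008-2109); may cut wide-encoded lists short */`. The patch file also carries no header stating its origin; a line or two of provenance and rationale above the `*** field.c` header would help whoever has to rebase it. The enclosing function in field.c starts and ends outside the hunk.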