Commit ba72fd45 authored by Gabor Karsay's avatar Gabor Karsay

Add security patch for CVE-2017-92xx

parent fba81bae
Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
Based on an upstream commit, original commit message was: "Added sanity
checks against illegal input audio stream parameters e.g. wildly excessive
samplerate".
.
There is no reference to CVEs or bugs, the commit was made after disclosure
of the CVEs and all three proofs of concept (crafted wav files) fail after
this commit.
.
The commit was made after version 2.0.0, so that version is also vulnerable.
.
Unrelated changes were stripped away by patch author, upstream commit author
is Olli Parviainen <oparviai@iki.fi>.
Author: Gabor Karsay <gabor.karsay@gmx.at>
Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/source/SoundTouch/TDStretch.cpp
+++ b/source/SoundTouch/TDStretch.cpp
@@ -128,7 +128,12 @@
int aSeekWindowMS, int aOverlapMS)
{
// accept only positive parameter values - if zero or negative, use old values instead
- if (aSampleRate > 0) this->sampleRate = aSampleRate;
+ if (aSampleRate > 0)
+ {
+ if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate");
+ this->sampleRate = aSampleRate;
+ }
+
if (aOverlapMS > 0) this->overlapMs = aOverlapMS;
if (aSequenceMS > 0)
cve-2017-92xx.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment