mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-07-23 03:05:48 +03:00
23 lines
760 B
Diff
23 lines
760 B
Diff
From: Helmut Grohne <helmut@subdivi.de>
|
|
Subject: hcom: validate dictsize
|
|
Bug: https://sourceforge.net/p/sox/bugs/350/
|
|
Bug: https://sourceforge.net/p/sox/bugs/352/
|
|
Bug-Debian: https://bugs.debian.org/1021133
|
|
Bug-Debian: https://bugs.debian.org/1021134
|
|
|
|
This patch fixes both CVE-2021-23159 and CVE-2021-23172.
|
|
|
|
--- a/src/hcom.c
|
|
+++ b/src/hcom.c
|
|
@@ -134,6 +134,11 @@
|
|
return (SOX_EOF);
|
|
}
|
|
lsx_readw(ft, &dictsize);
|
|
+ if (dictsize == 0 || dictsize > 511)
|
|
+ {
|
|
+ lsx_fail_errno(ft, SOX_EHDR, "Implausible dictionary size in HCOM header");
|
|
+ return SOX_EOF;
|
|
+ }
|
|
|
|
/* Translate to sox parameters */
|
|
ft->encoding.encoding = SOX_ENCODING_HCOM;
|