Tue Apr 5 14:26:38 UTC 2011

author: Parabola <dev@list.parabolagnulinux.org> 2011-04-05 14:26:38 +0000
committer: Parabola <dev@list.parabolagnulinux.org> 2011-04-05 14:26:38 +0000
commit: 415856bdd4f48ab4f2732996f0bae58595092bbe (patch)
tree: ede2018b591f6dfb477fe9341ba17b9bc000fab9 /extra/libcdaudio/01-cddb-bufferoverflow.patch
1 files changed, 15 insertions, 0 deletions
diff --git a/extra/libcdaudio/01-cddb-bufferoverflow.patch b/extra/libcdaudio/01-cddb-bufferoverflow.patch
new file mode 100644
index 000000000..0a4449717
--- /dev/null
+++ b/extra/libcdaudio/01-cddb-bufferoverflow.patch
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm@inutil.org>
+Description: CAN-2005-0706: Bufferoverflow in CDDB lookup parsing
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c	2009-08-02 10:30:05.000000000 +0000
++++ libcdaudio/src/cddb.c	2009-08-02 10:34:57.000000000 +0000
+@@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
+     }
+ 	   
+     query->query_matches = 0;
+-    while(!cddb_read_line(sock, inbuffer, 256)) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
+       slashed = 0;
+       if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
+ 	index = 0;
author	Parabola <dev@list.parabolagnulinux.org>	2011-04-05 14:26:38 +0000
committer	Parabola <dev@list.parabolagnulinux.org>	2011-04-05 14:26:38 +0000
commit	415856bdd4f48ab4f2732996f0bae58595092bbe (patch)
tree	ede2018b591f6dfb477fe9341ba17b9bc000fab9 /extra/libcdaudio/01-cddb-bufferoverflow.patch