mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-21 12:32:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

gstreamer1.0-plugins-base: fix CVE-2019-9928

Browse Source 
(From OE-Core rev: ff6db726440e911358fc222ab21ee36a77004782)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Anuj Mittal
2019-07-26 12:47:25 +08:00
committed by Richard Purdie
parent 4626a7f6d1
commit 1ccb3bd2dc
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch Normal file
View File

@@ -0,0 +1,33 @@
From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001
From: Tobias Ronge <tobiasr@axis.com>
Date: Thu, 14 Mar 2019 10:12:27 +0100
Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow
The former code allowed an attacker to create a heap overflow by
sending a longer than allowed session id in a response and including a
semicolon to change the maximum length. With this change, the parser
will never go beyond 512 bytes.
Upstream-Status: Backport
CVE: CVE-2019-9928
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
gst-libs/gst/rtsp/gstrtspconnection.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c
index a6755bedd..c0429064a 100644
--- a/gst-libs/gst/rtsp/gstrtspconnection.c
+++ b/gst-libs/gst/rtsp/gstrtspconnection.c
@@ -2461,7 +2461,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message,
maxlen = sizeof (conn->session_id) - 1;
/* the sessionid can have attributes marked with ;
* Make sure we strip them */
- for (i = 0; session_id[i] != '\0'; i++) {
+ for (i = 0; i < maxlen && session_id[i] != '\0'; i++) {
if (session_id[i] == ';') {
maxlen = i;
/* parse timeout */
--
2.21.0

1
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.14.4.bb
View File

@@ -20,6 +20,7 @@ SRC_URI = " \
file://0010-gl-Add-switch-for-explicitely-enabling-disabling-GBM.patch \
file://0011-gl-Add-switches-for-explicitely-enabling-disabling-P.patch \
file://link-with-libvchostif.patch \
file://CVE-2019-9928.patch \
"
SRC_URI[md5sum] = "4dbe20c1bf44191c2b8833234df5cb2a"
SRC_URI[sha256sum] = "ca6139490e48863e7706d870ff4e8ac9f417b56f3b9e4b3ce490c13b09a77461"