packages/wavpack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!28 [sync] PR-25: fix CVE-2022-2476

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @wk333 
Signed-off-by: @wk333
This commit is contained in:
openeuler-ci-bot 2024-12-02 06:30:26 +00:00 committed by Gitee
commit 9389bdad02
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 62 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
backport-CVE-2022-2476.patch Normal file
View File

@ -0,0 +1,57 @@
From 25b4a2725d8568212e7cf89ca05ca29d128af7ac Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 5 Jul 2022 18:58:19 -0700
Subject: [PATCH] issue #121: NULL pointer dereference in wvunpack.c
* check for NULL pointer before dereferencing in wvunpack.c
* sanitize custom extensions to be alphanumeric only
---
cli/wvunpack.c | 6 ++++--
src/open_utils.c | 10 ++++++++--
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/cli/wvunpack.c b/cli/wvunpack.c
index c8dea624..9a5a49aa 100644
--- a/cli/wvunpack.c
+++ b/cli/wvunpack.c
@@ -907,8 +907,10 @@ int main(int argc, char **argv)
// clean up in preparation for potentially another file
- if (outpath)
- *filespec_name (outfilename) = '\0';
+ if (outpath) {
+ if (filespec_name (outfilename))
+ *filespec_name (outfilename) = '\0';
+ }
else if (*outfilename != '-') {
free (outfilename);
outfilename = NULL;
diff --git a/src/open_utils.c b/src/open_utils.c
index 3e14de50..795471eb 100644
--- a/src/open_utils.c
+++ b/src/open_utils.c
@@ -18,6 +18,7 @@
#include <stdlib.h>
#include <string.h>
+#include <ctype.h>
#include "wavpack_local.h"
@@ -796,8 +797,13 @@ static int process_metadata (WavpackContext *wpc, WavpackMetadata *wpmd)
case ID_ALT_EXTENSION:
if (wpmd->byte_length && wpmd->byte_length < sizeof (wpc->file_extension)) {
- memcpy (wpc->file_extension, wpmd->data, wpmd->byte_length);
- wpc->file_extension [wpmd->byte_length] = 0;
+ int i, j;
+
+ for (i = j = 0; i < wpmd->byte_length; ++i)
+ if (isalnum (((char *) wpmd->data) [i]))
+ wpc->file_extension [j++] = ((char *) wpmd->data) [i];
+
+ wpc->file_extension [j] = 0;
}
return TRUE;

6
wavpack.spec
View File

@ -1,11 +1,12 @@
Name: wavpack
Version: 5.3.0
Release: 2
Release: 3
Summary: Hybrid Lossless Wavefile Compressor
License: BSD
Url: http://www.wavpack.com/
Source: https://github.com/dbry/WavPack/releases/download/%{version}/%{name}-%{version}.tar.xz
Patch0000: CVE-2020-35738.patch
Patch0001: backport-CVE-2022-2476.patch
BuildRequires: autoconf automake libtool
@ -66,6 +67,9 @@ autoreconf -ivf
%{_mandir}/man1/*.1*
%changelog
* Fri Nov 29 2024 Funda Wang <fundawang@yeah.net> - 5.3.0-3
- fix CVE-2022-2476
* Thu Mar 4 2021 wangxiao <wangxiao65@huawei.com> - 5.3.0-2
- Fix CVE-2020-35738