[vlc-devel] commit: Contrib: fix CVE-2008-2109 for libid3tag. (Pavlov Konstantin )

git version control git at videolan.org
Sat May 17 00:25:17 CEST 2008


vlc | branch: 0.8.6-bugfix | Pavlov Konstantin <thresh at videolan.org> | Sat May 17 02:23:51 2008 +0400| [a22f0e8687288490087baa47f7a2f971df5c1cf0]

Contrib: fix CVE-2008-2109 for libid3tag.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=a22f0e8687288490087baa47f7a2f971df5c1cf0
---

 extras/contrib/src/Makefile                        |    1 +
 .../libid3tag-0.15.1b-fix-CVE-2008-2109.patch      |   19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/extras/contrib/src/Makefile b/extras/contrib/src/Makefile
index 5ccb847..b04f959 100644
--- a/extras/contrib/src/Makefile
+++ b/extras/contrib/src/Makefile
@@ -559,6 +559,7 @@ libid3tag-$(LIBID3TAG_VERSION).tar.gz:
 
 libid3tag: libid3tag-$(LIBID3TAG_VERSION).tar.gz
 	$(EXTRACT_GZ)
+	patch -d libid3tag -p0 < Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch
 
 .id3tag: libid3tag
 	(cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) && make && make install)
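Review bot: If the added `patch` line fails, the `libid3tag` directory created by `$(EXTRACT_GZ)` stays on disk, and because that directory is the rule's target, a later `make` run will probably treat it as up to date and let `.id3tag` build the unpatched source. For a CVE fix that silent fallback is worth closing off by removing the tree on failure, e.g. `patch -d $@ -p0 < Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch || { rm -rf $@; exit 1; }`. Whether `$(EXTRACT_GZ)` already cleans up a stale directory on re-run is not visible in this hunk.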
diff --git a/extras/contrib/src/Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch b/extras/contrib/src/Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch
new file mode 100644
index 0000000..7e0b003
--- /dev/null
+++ b/extras/contrib/src/Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch
@@ -0,0 +1,19 @@
+*** field.c	2003-04-19 09:14:33.000000000 +0900
+--- field-patched.c	2008-01-13 16:08:22.000000000 +0900
+***************
+*** 291,297 ****
+
+        end = *ptr + length;
+
+!       while (end - *ptr > 0) {
+  	ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+  	if (ucs4 == 0)
+  	  goto fail;
+--- 291,297 ----
+
+        end = *ptr + length;
+
+!       while (end - *ptr > 0 && **ptr != '\0') {
+  	ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+  	if (ucs4 == 0)
+  	  goto fail;
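Review bot: The added `**ptr != '\0'` test in the `while` condition inspects a single byte, although the data is then decoded according to `*encoding`. If that encoding can be a two-byte one (likely for ID3v2 text, but not visible here), a leading zero byte is not necessarily a terminator, so the loop may stop before valid list entries are read. A guard tied to progress would not depend on the encoding: record `id3_byte_t const *before = *ptr;` ahead of the call and treat `*ptr == before` after `id3_parse_string` as a failure. The rest of the loop body and the `fail` label lie outside the hunk, so cleanup of `ucs4` on that path needs checking there.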



