Página inicial Explorar Ajuda
Entrar
PUBLIC_REPOS
/
buildroot
mirror de git://git.buildroot.net/buildroot
2
1
Fork 0
Arquivos
Tree: 9ffc00c6b8
Branches Tags
buildroot
/
package
/
faad2
/
0001-syntax.c-check-for-syntax-element-inconsistencies.patch

0001-syntax.c-check-for-syntax-element-inconsistencies.patch 2.1 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. From 466b01d504d7e45f1e9169ac90b3e34ab94aed14 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Hugo Lefeuvre <hle@debian.org>
    3. 

  3. Date: Mon, 25 Feb 2019 10:49:03 +0100
    4. 

  4. Subject: [PATCH] syntax.c: check for syntax element inconsistencies
    5. 

  5. 

  6. Implicit channel mapping reconfiguration is explicitely forbidden by
    7. 

  7. ISO/IEC 13818-7:2006 (8.5.3.3). Decoders should be able to detect such
    8. 

  8. files and reject them. FAAD2 does not perform any kind of checks
    9. 

  9. regarding this.
    10. 

  10. 

  11. This leads to security vulnerabilities when processing crafted AAC
    12. 

  12. files performing such reconfigurations.
    13. 

  13. 

  14. Add checks to decode_sce_lfe and decode_cpe to make sure such
    15. 

  15. inconsistencies are detected as early as possible.
    16. 

  16. 

  17. These checks first read hDecoder->frame: if this is not the first
    18. 

  18. frame then we make sure that the syntax element at the same position
    19. 

  19. in the previous frame also had element_id id_syn_ele. If not, return
    20. 

  20. 21 as this is a fatal file structure issue.
    21. 

  21. 

  22. This patch addresses CVE-2018-20362 (fixes #26) and possibly other
    23. 

  23. related issues.
    24. 

  24. 

  25. Signed-off-by: Baruch Siach <baruch@tkos.co.il>
    26. 

  26. ---
    27. 

  27. Upstream status: commit 466b01d504d7
    28. 

  28. 

  29.  libfaad/syntax.c | 12 ++++++++++++
    30. 

  30.  1 file changed, 12 insertions(+)
    31. 

  31. 

  32. diff --git a/libfaad/syntax.c b/libfaad/syntax.c
    33. 

  33. index f8e808c269c0..e7fb11381e46 100644
    34. 

  34. --- a/libfaad/syntax.c
    35. 

  35. +++ b/libfaad/syntax.c
    36. 

  36. @@ -344,6 +344,12 @@ static void decode_sce_lfe(NeAACDecStruct *hDecoder,
    37. 

  37.         can become 2 when some form of Parametric Stereo coding is used
    38. 

  38.      */
    39. 

  39.  
    40. 

  40. +    if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) {
    41. 

  41. +        /* element inconsistency */
    42. 

  42. +        hInfo->error = 21;
    43. 

  43. +        return;
    44. 

  44. +    }
    45. 

  45. +
    46. 

  46.      /* save the syntax element id */
    47. 

  47.      hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele;
    48. 

  48.  
    49. 

  49. @@ -395,6 +401,12 @@ static void decode_cpe(NeAACDecStruct *hDecoder, NeAACDecFrameInfo *hInfo, bitfi
    50. 

  50.          return;
    51. 

  51.      }
    52. 

  52.  
    53. 

  53. +    if (hDecoder->frame && hDecoder->element_id[hDecoder->fr_ch_ele] != id_syn_ele) {
    54. 

  54. +        /* element inconsistency */
    55. 

  55. +        hInfo->error = 21;
    56. 

  56. +        return;
    57. 

  57. +    }
    58. 

  58. +
    59. 

  59.      /* save the syntax element id */
    60. 

  60.      hDecoder->element_id[hDecoder->fr_ch_ele] = id_syn_ele;
    61. 

  61.  
    62. 

  62. -- 
    63. 

  63. 2.20.1
    64. 

  64.