git: d2378ab547da - main - audio/vorbis-tools: Add patch for CVE-2023-43361

From: Daniel Engberg <diizzy_at_FreeBSD.org>
Date: Sun, 05 Nov 2023 20:59:28 UTC
The branch main has been updated by diizzy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d2378ab547da27903d0201a0fef3d272f334d0ac

commit d2378ab547da27903d0201a0fef3d272f334d0ac
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-11-05 20:39:54 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-11-05 20:40:51 +0000

    audio/vorbis-tools: Add patch for CVE-2023-43361
    
    Reference:
    https://www.cve.org/CVERecord?id=CVE-2023-43361
    
    Source:
    https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7#note_55477
    
    PR:             274900
    Reviewed by:    naddy (maintainer)
---
 audio/vorbis-tools/Makefile                   |  4 ++--
 audio/vorbis-tools/files/patch-CVE-2023-43361 | 30 +++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/audio/vorbis-tools/Makefile b/audio/vorbis-tools/Makefile
index c5edc2790cf1..481cb71d95bb 100644
--- a/audio/vorbis-tools/Makefile
+++ b/audio/vorbis-tools/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	vorbis-tools
-PORTVERSION=	1.4.2
-PORTREVISION=	3
+DISTVERSION=	1.4.2
+PORTREVISION=	4
 PORTEPOCH=	3
 CATEGORIES=	audio
 MASTER_SITES=	https://downloads.xiph.org/releases/vorbis/
diff --git a/audio/vorbis-tools/files/patch-CVE-2023-43361 b/audio/vorbis-tools/files/patch-CVE-2023-43361
new file mode 100644
index 000000000000..bd6fe963410b
--- /dev/null
+++ b/audio/vorbis-tools/files/patch-CVE-2023-43361
@@ -0,0 +1,30 @@
+diff --git a/oggenc/platform.c b/oggenc/platform.c
+index 6d9f4ef..b66e47a 100644
+--- oggenc/platform.c
++++ oggenc/platform.c
+@@ -136,18 +136,22 @@ int create_directories(char *fn, int isutf8)
+ {
+     char *end, *start;
+     struct stat statbuf;
+-    char *segment = malloc(strlen(fn)+1);
++    const size_t fn_len = strlen(fn);
++    char *segment = malloc(fn_len+1);
+ #ifdef _WIN32
+     wchar_t seg[MAX_PATH+1];
+ #endif
+ 
+     start = fn;
+ #ifdef _WIN32
+-    if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':')
++    // Strip drive prefix
++    if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') {
++ 
+         start = start+2;
+ #endif
+ 
+-    while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
++    // Loop through path segments, creating directories if necessary
++    while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL)
+     {
+         int rv;
+         memcpy(segment, fn, end-fn);
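Review bot: The new `char *segment = malloc(fn_len+1);` is used unchecked: the `memcpy(segment, fn, end-fn)` on the hunk's last line writes through it with no NULL test visible in between, so an allocation failure becomes a write through a null pointer rather than an error return. A guard directly after the allocation, such as `if (segment == NULL) return -1;`, would close that. The failure value is a guess, because the rest of create_directories() and its return convention lie outside the hunk. Separately, the rewritten `_WIN32` condition now ends in `{`, yet `start = start+2;` is followed directly by `#endif` with no matching `}`. Unless that brace is closed beyond the hunk, the Windows build is unbalanced or the whole loop is pulled under the drive-prefix test; dropping the `{` or adding `}` before `#endif` restores the original one-statement scope (presumably dead code for this port, but relevant if the patch is carried elsewhere).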