View | Details | Raw Unified | Return to bug 274900
Collapse All | Expand All

(-)b/audio/vorbis-tools/Makefile (-2 / +2 lines)
Lines 1-6 Link Here
1 
PORTNAME=	vorbis-tools
 1 
PORTNAME=	vorbis-tools
2 
PORTVERSION=	1.4.2
 2 
DISTVERSION=	1.4.2
3 
PORTREVISION=	3
 3 
PORTREVISION=	4
4 
PORTEPOCH=	3
 4 
PORTEPOCH=	3
5 
CATEGORIES=	audio
 5 
CATEGORIES=	audio
6 
MASTER_SITES=	https://downloads.xiph.org/releases/vorbis/
 6 
MASTER_SITES=	https://downloads.xiph.org/releases/vorbis/
(-)b/audio/vorbis-tools/files/patch-CVE-2023-43361 (+30 lines)
Added Link Here
1 
diff --git a/oggenc/platform.c b/oggenc/platform.c
2 
index 6d9f4ef..b66e47a 100644
3 
--- oggenc/platform.c
4 
+++ oggenc/platform.c
5 
@@ -136,18 +136,22 @@ int create_directories(char *fn, int isutf8)
6 
 {
7 
     char *end, *start;
8 
     struct stat statbuf;
9 
-    char *segment = malloc(strlen(fn)+1);
10 
+    const size_t fn_len = strlen(fn);
11 
+    char *segment = malloc(fn_len+1);
12 
 #ifdef _WIN32
13 
     wchar_t seg[MAX_PATH+1];
14 
 #endif
15
16 
     start = fn;
17 
 #ifdef _WIN32
18 
-    if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':')
19 
+    // Strip drive prefix
20 
+    if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') {
21 
+
22 
         start = start+2;
23 
 #endif
24
25 
-    while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
26 
+    // Loop through path segments, creating directories if necessary
27 
+    while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL)
28 
     {
29 
         int rv;
30 
         memcpy(segment, fn, end-fn);

Return to bug 274900