View | Details | Raw Unified | Return to bug 69725
Collapse All | Expand All

(-)Makefile (-1 / +1 lines)
Lines 7-13 Link Here
7
7
8
PORTNAME=	sox
8
PORTNAME=	sox
9
PORTVERSION=	12.17.4
9
PORTVERSION=	12.17.4
10
PORTREVISION=	1
10
PORTREVISION=	2
11
CATEGORIES=	audio
11
CATEGORIES=	audio
12
MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
12
MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
13
MASTER_SITE_SUBDIR=	sox
13
MASTER_SITE_SUBDIR=	sox
(-)files/patch-wav.c (+24 lines)
Added Link Here
1
--- wav.c.old	2002-12-31 04:19:22.000000000 +0100
2
+++ wav.c	2004-07-18 19:25:46.000000000 +0200
3
@@ -917,6 +917,10 @@
4
 		} else if(strncmp(magic,"ICRD",4) == 0){
5
 			st_readdw(ft,&len); 
6
 			len = (len + 1) & ~1;
7
+			if (len > 254) {
8
+			    fprintf(stderr, "Possible buffer overflow hack attack (ICRD)!\n");
9
+			    exit(109);
10
+			}
11
 			st_reads(ft,text,len);
12
 			if (strlen(ft->comment) + strlen(text) < 254)
13
 			{
14
@@ -926,6 +930,10 @@
15
 		} else if(strncmp(magic,"ISFT",4) == 0){
16
 			st_readdw(ft,&len); 
17
 			len = (len + 1) & ~1;
18
+			if (len > 254) {
19
+			    fprintf(stderr, "Possible buffer overflow hack attack (ISFT)!\n");
20
+			    exit(110);
21
+			}
22
 			st_reads(ft,text,len);
23
 			if (strlen(ft->comment) + strlen(text) < 254)
24
 			{

Return to bug 69725