diff options
Diffstat (limited to 'external/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch')
-rw-r--r-- | external/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/external/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch b/external/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch deleted file mode 100644 index 0ad7245c..00000000 --- a/external/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch +++ /dev/null @@ -1,33 +0,0 @@ -From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001 -From: Tobias Ronge <tobiasr@axis.com> -Date: Thu, 14 Mar 2019 10:12:27 +0100 -Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow - -The former code allowed an attacker to create a heap overflow by -sending a longer than allowed session id in a response and including a -semicolon to change the maximum length. With this change, the parser -will never go beyond 512 bytes. - -Upstream-Status: Backport -CVE: CVE-2019-9928 -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> ---- - gst-libs/gst/rtsp/gstrtspconnection.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c -index a6755bedd..c0429064a 100644 ---- a/gst-libs/gst/rtsp/gstrtspconnection.c -+++ b/gst-libs/gst/rtsp/gstrtspconnection.c -@@ -2461,7 +2461,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message, - maxlen = sizeof (conn->session_id) - 1; - /* the sessionid can have attributes marked with ; - * Make sure we strip them */ -- for (i = 0; session_id[i] != '\0'; i++) { -+ for (i = 0; i < maxlen && session_id[i] != '\0'; i++) { - if (session_id[i] == ';') { - maxlen = i; - /* parse timeout */ --- -2.21.0 - |