File wavpack-CVE-2022-2476.patch of Package wavpack

Overview Repositories Revisions Requests Users Attributes Meta

File wavpack-CVE-2022-2476.patch of Package wavpack

From 25b4a2725d8568212e7cf89ca05ca29d128af7ac Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 5 Jul 2022 18:58:19 -0700
Subject: [PATCH] issue #121: NULL pointer dereference in wvunpack.c

* check for NULL pointer before dereferencing in wvunpack.c
* sanitize custom extensions to be alphanumeric only
---
 ChangeLog        |  5 +++++
 cli/wvunpack.c   |  6 ++++--
 src/open_utils.c | 10 ++++++++--
 3 files changed, 17 insertions(+), 4 deletions(-)

Index: wavpack-5.4.0/cli/wvunpack.c
===================================================================
--- wavpack-5.4.0.orig/cli/wvunpack.c
+++ wavpack-5.4.0/cli/wvunpack.c
@@ -830,8 +830,10 @@ int main(int argc, char **argv)
 
             // clean up in preparation for potentially another file
 
-            if (outpath)
-                *filespec_name (outfilename) = '\0';
+            if (outpath) {
+                if (filespec_name (outfilename))
+                    *filespec_name (outfilename) = '\0';
+            }
             else if (*outfilename != '-') {
                 free (outfilename);
                 outfilename = NULL;
Index: wavpack-5.4.0/src/open_utils.c
===================================================================
--- wavpack-5.4.0.orig/src/open_utils.c
+++ wavpack-5.4.0/src/open_utils.c
@@ -18,6 +18,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 
 #include "wavpack_local.h"
 
@@ -796,8 +797,13 @@ static int process_metadata (WavpackCont
 
         case ID_ALT_EXTENSION:
             if (wpmd->byte_length && wpmd->byte_length < sizeof (wpc->file_extension)) {
-                memcpy (wpc->file_extension, wpmd->data, wpmd->byte_length);
-                wpc->file_extension [wpmd->byte_length] = 0;
+                int i, j;
+
+                for (i = j = 0; i < wpmd->byte_length; ++i)
+                    if (isalnum (((char *) wpmd->data) [i]))
+                        wpc->file_extension [j++] = ((char *) wpmd->data) [i];
+
+                wpc->file_extension [j] = 0;
             }
 
             return TRUE;

Places

File wavpack-CVE-2022-2476.patch of Package wavpack

Places