
Bug#993372: marked as done (atomicparsley: CVE-2021-37231 - stack-buffer overflow in APar_readX in src/extract.cpp)



Your message dated Fri, 17 Sep 2021 09:34:13 +0000
with message-id <E1mRAG5-0002fs-BB@fasolo.debian.org>
and subject line Bug#993372: fixed in atomicparsley 20210715.151551.e7ad03a-1
has caused the Debian Bug report #993372,
regarding atomicparsley: CVE-2021-37231 - stack-buffer overflow in APar_readX in src/extract.cpp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
993372: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: atomicparsley
Version: 0.9.6-2
Severity: important
Tags: patch security

https://github.com/wez/atomicparsley/issues/30

See also #993366

AtomicParsley, at the version in buster, bullseye, bookworm and sid, causes a stack
overflow when tested with the data file from the upstream bug report for CVE-2021-37231.

The upstream change can be backported to the version in Debian and the supplied data file
no longer produces the crash with the attached patch.

-- System Information:
Debian Release: 10.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-17-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages atomicparsley depends on:
ii  libc6       2.28-10
ii  libgcc1     1:8.3.0-6
ii  libstdc++6  8.3.0-6
ii  zlib1g      1:1.2.11.dfsg-1

atomicparsley recommends no packages.

atomicparsley suggests no packages.

-- no debconf information
--- a/src/extracts.cpp
+++ b/src/extracts.cpp
@@ -1014,8 +1014,9 @@
 		track_info->type_of_track = VIDEO_TRACK;
 	}
 	if ( parsedAtoms[track->track_atom].AtomicLength > 34) {
-		memset(track_info->track_hdlr_name, 0, 100);
-		APar_readX(track_info->track_hdlr_name, isofile, parsedAtoms[track->track_atom].AtomicStart + 32, parsedAtoms[track->track_atom].AtomicLength - 32);
+		memset(track_info->track_hdlr_name, 0, sizeof(track_info->track_hdlr_name));
+		APar_readX(track_info->track_hdlr_name, isofile, parsedAtoms[track->track_atom].AtomicStart + 32,
+			std::min(sizeof(track_info->track_hdlr_name),parsedAtoms[track->track_atom].AtomicLength - 32));
 	}
 
 	//codec section
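Review bot: The new length passed to `APar_readX` can be exactly `sizeof(track_info->track_hdlr_name)`, so an atom at least that long fills the whole buffer and the preceding `memset` no longer guarantees a terminating NUL. If `track_hdlr_name` is later handled as a C string, cap the read at `sizeof(track_info->track_hdlr_name) - 1`. Separately, `std::min` requires both arguments to have the same type, and the type of `AtomicLength` is not visible in this hunk; writing `std::min<size_t>(...)` would rule out a template deduction failure on platforms where it differs from `size_t`.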
--- a/src/AtomicParsley.h
+++ b/src/AtomicParsley.h
@@ -145,6 +145,7 @@
 #endif
 
 #include "util.h"
+#include <algorithm>
 
 #define MAX_ATOMS 1024
 #define MAXDATA_PAYLOAD 1256
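Review bot: `#include <algorithm>` is added to the shared header `AtomicParsley.h`, but the only use of `std::min` in this patch is in `src/extracts.cpp`. Including it in that source file instead would keep the dependency next to its use and avoid pulling the header into every file that includes `AtomicParsley.h`. If it stays here, placing it with the other system includes rather than after `"util.h"` would be more consistent.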

--- End Message ---
--- Begin Message ---
Source: atomicparsley
Source-Version: 20210715.151551.e7ad03a-1
Done: Jonas Smedegaard <dr@jones.dk>

We believe that the bug you reported is fixed in the latest version of
atomicparsley, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 993372@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated atomicparsley package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 17 Sep 2021 11:26:19 +0200
Source: atomicparsley
Architecture: source
Version: 20210715.151551.e7ad03a-1
Distribution: unstable
Urgency: medium
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Closes: 782187 987034 993366 993372
Changes:
 atomicparsley (20210715.151551.e7ad03a-1) unstable; urgency=medium
 .
   [ upstream ]
   * new release(s);
     closes: bug#782187, thanks to Mathieu Malaterre;
     closes: bug#993366, #993372, thanks to Neil Williams,
     CVE-2021-37231 CVE-2021-37232
 .
   [ Jonas Smedegaard ]
   * move maintenance to the Debian team on Salsa
   * update git-buildpackage config:
     + use DEP-14 branches upstream/latest debian/latest
     + stop set explicit compression method
     + avoid any .git* files
   * update watch file: track GitHub source
   * update copyright info:
     + list GitHub as source
     + list GitHub issue tracker as preferred upstream contact
     + use Reference field (not License-Reference);
       tighten lintian overrides
     + update coverage
   * declare compliance with Debian Policy 4.6.0
   * use debhelper compatibility level 13 (not 9);
     build-depend on debhelper-compat (not debhelper);
     stop build-depend explicitly on dh-autoreconf
   * simplify source helper script copyright-check
   * list GitHub as Homepage;
     closes: bug#987034, thanks to Brian Sammon
   * stop explicitly install executable;
     build-depend on cmake

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---