vorbis-tools: Fix CVE-2023-43361

Upstream-Status: Backport from 5bb47f5858 Reference: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2026-04-02 02:49:12 +00:00 · 2025-10-15 13:22:28 +05:30 · 2025-10-15 13:22:28 +05:30 · 2f7a2c5cca
commit 2f7a2c5cca
parent e599281324
2 changed files with 58 additions and 0 deletions
--- a/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools/CVE-2023-43361.patch
+++ b/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools/CVE-2023-43361.patch
@ -0,0 +1,57 @@
+From 5bb47f58582c15c2413564b741d1d95e7b566aa8 Mon Sep 17 00:00:00 2001
+From: Ralph Giles <giles@thaumas.net>
+Date: Sun, 17 Sep 2023 11:49:12 -0700
+Subject: [PATCH] oggenc: Don't assume the output path ends in a file name.
+
+oggenc attempts to create any specified directories in the output
+file path if they don't exist. The parser was assuming there was
+a final filename after the last directory separator, and so would
+try to read off the end of the argument if it was a bare directory
+such as `./` or `outdir/`. It also did not handle more than one
+consecutive separator. This corrects both issues.
+
+Thanks to Frank-Z7 (Zeng Yunxiang) at Huazhong University of Science
+and Technology (cse.hust.edu.cn) for the report.
+
+Fixes CVE-2023-43361.
+
+Upstream-Status: Backport [https://gitlab.xiph.org/xiph/vorbis-tools/-/commit/5bb47f58582c15c2413564b741d1d95e7b566aa8]
+CVE: CVE-2023-43361
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ oggenc/platform.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/oggenc/platform.c b/oggenc/platform.c
+index 6d9f4ef..d50ad99 100644
+--- a/oggenc/platform.c
+++ b/oggenc/platform.c
+@@ -136,18 +136,22 @@ int create_directories(char *fn, int isutf8)
+ {
+     char *end, *start;
+     struct stat statbuf;
+-    char *segment = malloc(strlen(fn)+1);
+    const size_t fn_len = strlen(fn);
+    char *segment = malloc(fn_len+1);
+ #ifdef _WIN32
+     wchar_t seg[MAX_PATH+1];
+ #endif
+ 
+     start = fn;
+ #ifdef _WIN32
+-    if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':')
+    // Strip drive prefix
+    if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') {
+         start = start+2;
+    }
+ #endif
+ 
+-    while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
+    // Loop through path segments, creating directories if necessary
+    while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL)
+     {
+         int rv;
+         memcpy(segment, fn, end-fn);
+-- 
+GitLab
+
--- a/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools_1.4.2.bb
+++ b/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools_1.4.2.bb
@ -13,6 +13,7 @@ DEPENDS = "libogg libvorbis"
 SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.gz \
           file://gettext.patch \
           file://0001-ogginfo-Include-utf8.h-for-missing-utf8_decode.patch \
+           file://CVE-2023-43361.patch \
          "

 SRC_URI[md5sum] = "998fca293bd4e4bdc2b96fb70f952f4e"