authorMartin Wilke <miwi@FreeBSD.org>2009-01-11 13:22:40 +0000
committerMartin Wilke <miwi@FreeBSD.org>2009-01-11 13:22:40 +0000
commitbf29e3620d4763e299780081434f283ed39df18b (patch)
tree36fd2afe5662ed31d72adf0697382b30dd934e05 /audio/libcdaudio/files
parentca61f4353ac04a21b322d02b035d6193b2aeb562 (diff)
Notes
Diffstat (limited to 'audio/libcdaudio/files')
-rw-r--r--audio/libcdaudio/files/patch-CVE-2008-5030.2005-070645
1 files changed, 45 insertions, 0 deletions
diff --git a/audio/libcdaudio/files/patch-CVE-2008-5030.2005-0706 b/audio/libcdaudio/files/patch-CVE-2008-5030.2005-0706
new file mode 100644
index 000000000000..415b57ceb133
--- /dev/null
+++ b/audio/libcdaudio/files/patch-CVE-2008-5030.2005-0706
@@ -0,0 +1,45 @@
+--- src/cddb.c.orig 2004-09-09 05:26:39.000000000 +0400
++++ src/cddb.c 2008-11-21 17:33:50.000000000 +0300
+@@ -1052,7 +1052,8 @@
+ }
+
+ query->query_matches = 0;
+- while(!cddb_read_line(sock, inbuffer, 256)) {
++ while(query->query_matches < MAX_INEXACT_MATCHES &&
++ !cddb_read_line(sock, inbuffer, 256)) {
+ slashed = 0;
+ if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
+ index = 0;
+@@ -1601,7 +1602,7 @@
+ return -1;
+ }
+
+- if((inbuffer = malloc(256)) == NULL) {
++ if((inbuffer = malloc(512)) == NULL) {
+ free(root_dir);
+ free(file);
+ return -1;
+--- src/coverart.c.orig 2008-11-21 17:36:39.000000000 +0300
++++ src/coverart.c 2008-11-21 17:39:41.000000000 +0300
+@@ -131,7 +131,9 @@
+ }
+ } else if(strncmp(line, "Album", 5) == 0) {
+ long n = strtol((char *)line + 5, NULL, 10);
+- if(parse_disc_artist && strchr(procbuffer, '/') != NULL) {
++ if(n >= MAX_INEXACT_MATCHES) {
++ // Too much data, can't store it
++ } else if(parse_disc_artist && strchr(procbuffer, '/') != NULL) {
+ strtok(procbuffer, "/");
+ strncpy(query->query_list[n].list_artist, procbuffer,
+ (strlen(procbuffer) < 64) ? (strlen(procbuffer) - 1) : 64);
+@@ -143,7 +145,9 @@
+ }
+ } else if(strncmp(line, "Url", 3) == 0) {
+ long n = strtol((char *)line + 3, NULL, 10);
+- cddb_process_url(&query->query_list[n].list_host, procbuffer);
++ if (n < MAX_INEXACT_MATCHES) {
++ cddb_process_url(&query->query_list[n].list_host, procbuffer);
++ }
+ }
+
+ return;
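Review bot: Both new guards in the src/coverart.c part test only the upper bound, so a negative `n` still reaches `query->query_list[n]`; `n` is a `long` taken from `strtol()` on the received line, and nothing visible keeps it at or above zero. The "Album" branch should read `if(n < 0 || n >= MAX_INEXACT_MATCHES) {` and the "Url" branch `if (n >= 0 && n < MAX_INEXACT_MATCHES) {`. Passing an end pointer to `strtol()` instead of `NULL` would also let the code reject a line with no digits, which currently parses as index 0. In the src/cddb.c part the buffer grows to `malloc(512)`, but the read that fills it lies outside the hunk, so confirm that its length argument matches the new size. All three functions start and end outside the quoted context.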