1 Author: Moritz Muehlenhoff <jmm@inutil.org>
2 Description: CAN-2005-0706: Buffer overflow in CDDB lookup parsing
4 diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
5 --- libcdaudio.orig/src/cddb.c 2009-08-02 10:30:05.000000000 +0000
6 +++ libcdaudio/src/cddb.c 2009-08-02 10:34:57.000000000 +0000
7 @@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
10 query->query_matches = 0;
11 - while(!cddb_read_line(sock, inbuffer, 256)) {
12 + while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
14 if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {