Fix for CVE-2008-5239

xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows.
author: Matthias Hopf <mhopf@suse.de> 2009-01-04 17:21:46 +0000
committer: Matthias Hopf <mhopf@suse.de> 2009-01-04 17:21:46 +0000
commit: 0c51806592bae19fbc4f1f6615e5b3f4cb8e7dc3 (patch)
tree: edc869e912cdf626c2faf9656bd29a4641bba3a0 /src/input/input_dvd.c
parent: 49d4eec32b8c05eadfaf9c42b3dcd7407815fd9a (diff)
download: xine-lib-0c51806592bae19fbc4f1f6615e5b3f4cb8e7dc3.tar.gz
xine-lib-0c51806592bae19fbc4f1f6615e5b3f4cb8e7dc3.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/src/input/input_dvd.c b/src/input/input_dvd.c
index a845d7628..ff3000e5d 100644
--- a/src/input/input_dvd.c
+++ b/src/input/input_dvd.c
@@ -850,6 +850,9 @@ static buf_element_t *dvd_plugin_read_block (input_plugin_t *this_gen,
 static off_t dvd_plugin_read (input_plugin_t *this_gen, char *ch_buf, off_t len) {
 /*  dvd_input_plugin_t *this = (dvd_input_plugin_t*)this_gen; */
 
+  if (len < 4)
+    return -1;
+
   /* FIXME: Tricking the demux_mpeg_block plugin */
   ch_buf[0] = 0;
   ch_buf[1] = 0;
author	Matthias Hopf <mhopf@suse.de>	2009-01-04 17:21:46 +0000
committer	Matthias Hopf <mhopf@suse.de>	2009-01-04 17:21:46 +0000
commit	0c51806592bae19fbc4f1f6615e5b3f4cb8e7dc3 (patch)
tree	edc869e912cdf626c2faf9656bd29a4641bba3a0 /src/input/input_dvd.c
parent	49d4eec32b8c05eadfaf9c42b3dcd7407815fd9a (diff)
download	xine-lib-0c51806592bae19fbc4f1f6615e5b3f4cb8e7dc3.tar.gz xine-lib-0c51806592bae19fbc4f1f6615e5b3f4cb8e7dc3.tar.bz2