diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2020-09-02 14:09:07 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-09-02 14:09:07 +0100 |
commit | b17a3ef12038de50228bade1f05502c74e135321 (patch) | |
tree | 9026dffec53f92cba48ca9a500a4f778e6304380 /media-libs/gst-rtsp-server/files | |
parent | 3cf7c3ef441822c889356fd1812ebf2944a59851 (diff) |
gentoo resync : 02.09.2020
Diffstat (limited to 'media-libs/gst-rtsp-server/files')
3 files changed, 123 insertions, 0 deletions
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch new file mode 100644 index 000000000000..87b2e54973b4 --- /dev/null +++ b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch @@ -0,0 +1,39 @@ +From ccc8d0c4388056acc801fd855e065eb2b0ca6578 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> +Date: Mon, 23 Mar 2020 16:06:43 +0200 +Subject: [PATCH 3/3] rtsp-auth: Fix NULL pointer dereference when handling an + invalid basic Authorization header + +When using the basic authentication scheme, we wouldn't validate that +the authorization field of the credentials is not NULL and pass it on +to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will +dereference the NULL pointer and crash. +A specially crafted (read: invalid) RTSP header can cause this to +happen. + +As a solution, check for the authorization to be not NULL before +continuing processing it and if it is simply fail authentication. + +This fixes CVE-2020-6095 and TALOS-2020-1018. + +Discovered by Peter Wang of Cisco ASIG. +--- + gst/rtsp-server/rtsp-auth.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c +index f14286f..c15fa18 100644 +--- a/gst/rtsp-server/rtsp-auth.c ++++ b/gst/rtsp-server/rtsp-auth.c +@@ -871,7 +871,7 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPContext * ctx) + + GST_DEBUG_OBJECT (auth, "check Basic auth"); + g_mutex_lock (&priv->lock); +- if ((token = ++ if ((*credential)->authorization && (token = + g_hash_table_lookup (priv->basic, + (*credential)->authorization))) { + GST_DEBUG_OBJECT (auth, "setting token %p", token); +-- +2.20.1 + diff --git a/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch b/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch new file mode 100644 index 000000000000..679c5c5207cf --- /dev/null +++ b/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch @@ -0,0 +1,59 @@ +From df227481504574ecc6028400d17870913a16a047 Mon Sep 17 00:00:00 2001 +From: Jordan Petridis <jordan@centricular.com> +Date: Thu, 23 Jan 2020 16:41:26 +0200 +Subject: [PATCH 2/3] rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as + it's been deprecated + +from glib +``` +Deprecated: 2.58: Use %G_ADD_PRIVATE and the generated + `your_type_get_instance_private()` function instead +``` +--- + gst/rtsp-server/rtsp-latency-bin.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/gst/rtsp-server/rtsp-latency-bin.c b/gst/rtsp-server/rtsp-latency-bin.c +index cf7cdf1..c297ab6 100644 +--- a/gst/rtsp-server/rtsp-latency-bin.c ++++ b/gst/rtsp-server/rtsp-latency-bin.c +@@ -23,9 +23,6 @@ + #include <gst/gst.h> + #include "rtsp-latency-bin.h" + +-#define GST_RTSP_LATENCY_BIN_GET_PRIVATE(obj) \ +- (G_TYPE_INSTANCE_GET_PRIVATE ((obj), GST_RTSP_LATENCY_BIN_TYPE, GstRTSPLatencyBinPrivate)) +- + struct _GstRTSPLatencyBinPrivate + { + GstPad *sinkpad; +@@ -106,7 +103,7 @@ gst_rtsp_latency_bin_get_property (GObject * object, guint propid, + { + GstRTSPLatencyBin *latency_bin = GST_RTSP_LATENCY_BIN (object); + GstRTSPLatencyBinPrivate *priv = +- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin); ++ gst_rtsp_latency_bin_get_instance_private (latency_bin); + + switch (propid) { + case PROP_ELEMENT: +@@ -140,7 +137,7 @@ gst_rtsp_latency_bin_add_element (GstRTSPLatencyBin * latency_bin, + GstElement * element) + { + GstRTSPLatencyBinPrivate *priv = +- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin); ++ gst_rtsp_latency_bin_get_instance_private (latency_bin); + GstPad *pad; + GstPadTemplate *templ; + +@@ -250,7 +247,7 @@ static gboolean + gst_rtsp_latency_bin_recalculate_latency (GstRTSPLatencyBin * latency_bin) + { + GstRTSPLatencyBinPrivate *priv = +- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin); ++ gst_rtsp_latency_bin_get_instance_private (latency_bin); + GstEvent *latency; + GstQuery *query; + GstClockTime min_latency; +-- +2.20.1 + diff --git a/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch b/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch new file mode 100644 index 000000000000..2707c3ebdc05 --- /dev/null +++ b/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch @@ -0,0 +1,25 @@ +From 9dfdcb71e84e53e25388a6e0b485a70c45ea0dec Mon Sep 17 00:00:00 2001 +From: Nicola Murino <nicola.murino@gmail.com> +Date: Thu, 12 Dec 2019 17:56:18 +0100 +Subject: [PATCH 1/3] rtsp-auth: fix default token leak + +--- + gst/rtsp-server/rtsp-auth.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c +index f676b80..f14286f 100644 +--- a/gst/rtsp-server/rtsp-auth.c ++++ b/gst/rtsp-server/rtsp-auth.c +@@ -214,6 +214,8 @@ gst_rtsp_auth_finalize (GObject * obj) + g_hash_table_unref (priv->basic); + g_hash_table_unref (priv->digest); + g_hash_table_unref (priv->nonces); ++ if (priv->default_token) ++ gst_rtsp_token_unref (priv->default_token); + g_mutex_clear (&priv->lock); + g_free (priv->realm); + +-- +2.20.1 + |