packages/gstreamer1-plugins-base
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

subparse end_tag and CVE-2023-37328:skip over the end of a valid closing tag instead of only skipping <

Browse Source
This commit is contained in:
technology208 2024-04-11 16:47:31 +08:00
parent 7285a296eb
commit b573dbe4ee
2 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CVE-2023-37328.patch
View File

@ -1,14 +1,14 @@
From 18b887d30a81deadd600017265cb61f5d0e1bea0 Mon Sep 17 00:00:00 2001
From 87f13216ec814bac49ca3d5e40c9367e670c6fd5 Mon Sep 17 00:00:00 2001
From: technology208 <technology@208suo.com>
Date: Thu, 14 Mar 2024 15:54:38 +0800
Subject: [PATCH] Create Patch
Date: Thu, 11 Apr 2024 16:02:41 +0800
Subject: [PATCH] CreatePatch
---
gst/subparse/gstsubparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
gst/subparse/gstsubparse.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
index 4254158..e8d3eca 100644
index 4254158..e2d446d 100644
--- a/gst/subparse/gstsubparse.c
+++ b/gst/subparse/gstsubparse.c
@@ -814,7 +814,7 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
@ -20,6 +20,23 @@ index 4254158..e8d3eca 100644
if (end_tag) {
const gchar *last = NULL;
if (num_open_tags > 0)
@@ -822,11 +822,14 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
if (num_open_tags == 0
|| g_ascii_strncasecmp (end_tag - 1, last, strlen (last))) {
GST_LOG ("broken input, closing tag '%s' is not open", end_tag - 1);
- memmove (next_tag, end_tag + 1, strlen (end_tag) + 1);
- next_tag -= strlen (end_tag);
+ memmove (next_tag, end_tag + 1, strlen (end_tag));
+ cur = next_tag;
+ continue;
} else {
--num_open_tags;
g_ptr_array_remove_index (open_tags, num_open_tags);
+ cur = end_tag + 1;
+ continue;
}
}
}
--
2.33.0
2.43.0

5
gstreamer1-plugins-base.spec
View File

@ -3,7 +3,7 @@
Name: gstreamer1-plugins-base
Version: 1.16.2
Release: 4
Release: 5
Summary: GStreamer streaming media framework base plugins
License: LGPLv2+
@ -282,6 +282,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';'
%{_mandir}/man1/gst-device-monitor-*.gz
%changelog
* Mon May 20 2024 technology208 <technology@208suo.com> - 1.16.2-5
- optimize subparse end_tag process
* Fri Mar 15 2024 technology208 <technology@208suo.com> - 1.16.2-4
- fix CVE-2023-37328