diff options
| author |   Mart Raudsepp <leio@gentoo.org> | 2020-08-29 12:58:35 +0300 |
|---|---|---|
| committer | Mart Raudsepp <leio@gentoo.org> | 2020-08-29 12:59:46 +0300 |
| commit | 4fa29d9e36377f98e19c9a9eddead073781f18eb (patch) | |
| tree | 39d08c3a6c8c5f9051b840f1c26e3d62647b559f /media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch | |
| parent | app-office/texstudio: Drop old (diff) | |
| download | gentoo-4fa29d9e36377f98e19c9a9eddead073781f18eb.tar.gz gentoo-4fa29d9e36377f98e19c9a9eddead073781f18eb.tar.bz2 gentoo-4fa29d9e36377f98e19c9a9eddead073781f18eb.zip | |
media-libs/gst-rtsp-server: bump to 1.16.2, fix CVE-2020-6095
Includes 3 commits from origin/1.16, including fix for CVE-2020-6095.
Tests fail due to new max-ttl work in 1.16, disable for now.
1.18 will be meson-based and we'll retry with tests naturally then.
Bug: https://bugs.gentoo.org/715100
Package-Manager: Portage-2.3.103, Repoman-2.3.20
Signed-off-by: Mart Raudsepp <leio@gentoo.org>
Diffstat (limited to 'media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch')
| -rw-r--r-- | media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch new file mode 100644 index 000000000000..87b2e54973b4 --- /dev/null +++ b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch @@ -0,0 +1,39 @@ +From ccc8d0c4388056acc801fd855e065eb2b0ca6578 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> +Date: Mon, 23 Mar 2020 16:06:43 +0200 +Subject: [PATCH 3/3] rtsp-auth: Fix NULL pointer dereference when handling an + invalid basic Authorization header + +When using the basic authentication scheme, we wouldn't validate that +the authorization field of the credentials is not NULL and pass it on +to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will +dereference the NULL pointer and crash. +A specially crafted (read: invalid) RTSP header can cause this to +happen. + +As a solution, check for the authorization to be not NULL before +continuing processing it and if it is simply fail authentication. + +This fixes CVE-2020-6095 and TALOS-2020-1018. + +Discovered by Peter Wang of Cisco ASIG. +--- + gst/rtsp-server/rtsp-auth.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c +index f14286f..c15fa18 100644 +--- a/gst/rtsp-server/rtsp-auth.c ++++ b/gst/rtsp-server/rtsp-auth.c +@@ -871,7 +871,7 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPContext * ctx) + + GST_DEBUG_OBJECT (auth, "check Basic auth"); + g_mutex_lock (&priv->lock); +- if ((token = ++ if ((*credential)->authorization && (token = + g_hash_table_lookup (priv->basic, + (*credential)->authorization))) { + GST_DEBUG_OBJECT (auth, "setting token %p", token); +-- +2.20.1 + |