oss-sec mailing list archives

Re: Re: sox: patches for old vulnerabilities


From: Steffen Nurpmeso <steffen () sdaoden eu>
Date: Thu, 30 Mar 2023 22:43:00 +0200

Steffen Nurpmeso wrote in
 <20230314201652.RlbWr%steffen () sdaoden eu>:
 ...
 ||Helmut Grohne wrote in
 || <20230314110138.GA1192267 () subdivi de>:
 |||On Fri, Feb 03, 2023 at 09:44:47PM +0100, Helmut Grohne wrote:
 |||>  * CVE-2021-33844
 |||
 |||The original fix for this issue would cause a regression. After applying
 |||it, sox would be unable to decode WAV GSM files. This has been reported
 ...

Today I got a nice email from Nam Nguyen who pointed out that my
last patch to this topic (also) introduced a bug.  So I downloaded
libGSM and yes he was right.  So on top of them all a partial undo
of the last is necessary; I will attach the full diff, too.

Thank you Nam Nguyen!
Ciao already here,

    wav_read_fmt(): fix previous! (Nam Nguyen (namn AT berkeley DOT edu))
---
 src/wav.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/wav.c b/src/wav.c
index 380796c0f0..b93ee37667 100644
--- a/src/wav.c
+++ b/src/wav.c
@@ -654,11 +654,7 @@ static int wav_read_fmt(sox_format_t *ft, uint32_t len)
     if (err)
         return SOX_EOF;
 
-    if (wav->bitsPerSample == 0
-#ifdef HAVE_LIBGSM
-            && wav->formatTag != WAVE_FORMAT_GSM610
-#endif
-    ){
+    if (wav->bitsPerSample == 0){
         lsx_fail_errno(ft, SOX_EHDR, "WAV file bits per sample is zero");
         return SOX_EOF;
     }
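
Review bot: At `if (wav->bitsPerSample == 0){` the check now rejects a zero bits-per-sample field for every format, WAVE_FORMAT_GSM610 included, yet neither the commit message ("fix previous!") nor a comment explains why the GSM exemption was wrong. The thread quoted above reports that the original CVE-2021-33844 fix left sox unable to decode WAV GSM files, so the message should say what bug Nam Nguyen found in the exemption and why GSM input no longer needs it at this point, and the change should be confirmed against a WAV GSM sample so the earlier regression does not return. A minor style point on the same line: put a space before the opening brace.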


--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

Attachment: sox-git.patch