From 2f7f4f5ccbc37fa97f16cc302b6ce705486795c3 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Thu, 24 Oct 2024 19:42:17 +0800
Subject: [PATCH] Fix CVE-2023-43361

(cherry picked from commit f270a6d2135917c7fb629cfc109f157cd835d0a9)
---
 CVE-2023-43361.patch | 63 ++++++++++++++++++++++++++++++++++++++++++++
 vorbis-tools.spec    |  6 ++++-
 2 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2023-43361.patch

diff --git a/CVE-2023-43361.patch b/CVE-2023-43361.patch
new file mode 100644
index 0000000..bf3a989
--- /dev/null
+++ b/CVE-2023-43361.patch
@@ -0,0 +1,63 @@
+From 69dfbe06ce02e6199444245397acf79fb6857b4c Mon Sep 17 00:00:00 2001
+From: Ralph Giles <giles@thaumas.net>
+Date: Sun, 17 Sep 2023 11:49:12 -0700
+Subject: [PATCH] oggenc: Don't assume the output path ends in a file name.
+
+Origin: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
+
+oggenc attempts to create any specified directories in the output
+file path if they don't exist. The parser was assuming there was
+a final filename after the last directory separator, and so would
+try to read off the end of the argument if it was a bare directory
+such as `./` or `outdir/`. This adds a check to make sure the
+scan isn't starting off the end of the path string.
+
+Thanks to Frank-Z7 (Zeng Yunxiang) at Huazhong University of Science
+and Technology (cse.hust.edu.cn) for the report.
+---
+ oggenc/platform.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/oggenc/platform.c b/oggenc/platform.c
+index 6d9f4ef..ee0b7ce 100644
+--- a/oggenc/platform.c
++++ b/oggenc/platform.c
+@@ -136,18 +136,23 @@ int create_directories(char *fn, int isutf8)
+ {
+     char *end, *start;
+     struct stat statbuf;
+-    char *segment = malloc(strlen(fn)+1);
++    const size_t fn_len = strlen(fn);
++    char *segment = malloc(fn_len+1);
+ #ifdef _WIN32
+     wchar_t seg[MAX_PATH+1];
+ #endif
+ 
+     start = fn;
+ #ifdef _WIN32
+-    if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':')
++    // Strip drive prefix
++    if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') {
+         start = start+2;
++    }
+ #endif
+ 
+-    while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
++    // Loop through path segments, creating directories if necessary
++    while((start+1 - fn < fn_len) &&
++          (end = strpbrk(start+1, PATH_SEPS)) != NULL)
+     {
+         int rv;
+         memcpy(segment, fn, end-fn);
+@@ -159,7 +164,7 @@ int create_directories(char *fn, int isutf8)
+             rv = _wstat(seg,&statbuf);
+         } else
+ #endif
+-            rv = stat(segment,&statbuf);
++        rv = stat(segment, &statbuf);
+         if(rv) {
+             if(errno == ENOENT) {
+ #ifdef _WIN32
+-- 
+GitLab
+
diff --git a/vorbis-tools.spec b/vorbis-tools.spec
index ac3d273..d075618 100644
--- a/vorbis-tools.spec
+++ b/vorbis-tools.spec
@@ -1,12 +1,13 @@
 Name:		vorbis-tools
 Summary:	Several Ogg Vorbis Tools
 Version:	1.4.2
-Release:	3
+Release:	4
 Epoch:		1
 License:	GPLv2
 URL:		http://www.xiph.org/
 Source:		http://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.gz
 Patch1:         vorbis-tools-1.4.2-man-page.patch
+Patch2:         CVE-2023-43361.patch
 
 BuildRequires:	flac-devel gettext gcc libao-devel libcurl-devel libvorbis-devel speex-devel chrpath
 
@@ -48,6 +49,9 @@ chrpath -d %{buildroot}%{_bindir}/*
 %exclude %{_docdir}/%{name}*
 
 %changelog
+* Thu Oct 24 2024 wangkai <13474090681@163.com> - 1:1.4.2-4
+- Fix CVE-2023-43361
+
 * Thu Oct 28 2021 Chenxi Mao <chenxi.mao@suse.com> - 1:1.4.2-3
 - Add chrpath to BuildRequires
 
-- 
Gitee