Re: Local/remote mpg123 exploit

From: Benjamin Tober (btober0at_private)
Date: Wed Jan 15 2003 - 00:16:24 PST

    In-Reply-To: <200301131823.h0DINJbE014752at_private>
    
    I'm not going to address the veracity of the narrative
    text of this posting; however, the exploit is real.  I
    believe that the patch to mpg123 given below closes
    this particular hole.  I have no affiliation with the
    authors of mpg123 and haven't contacted them, but am
    providing this patch now because an exploit is
    publicly available.
    I can, if necessary, provide further explanation of the
    exploit and the rationale behind the patch but will not
    do so at this late hour.  This patch is with respect to
    mpg123-pre0.59s and is to the file common.c:
    
    --- common.c.orig       Wed Jan 15 02:16:08 2003
    +++ common.c    Wed Jan 15 02:18:52 2003
    @@ -579,6 +579,11 @@
             fprintf(stderr,"Sorry, unknown layer
    type.\n"); 
             return (0);
         }
    +    if (fr->framesize>MAX_INPUT_FRAMESIZE) {
    +       fprintf(stderr,"Frame size too big.\n");
    +       fr->framesize = MAX_INPUT_FRAMESIZE;
    +       return 0;
    +    }
     
         if(!fr->bitrate_index) {
             /* fprintf(stderr,"Warning, Free format not
    heavily tested: (head %08lx)\n",newhead); */
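
Review bot: The new check tests only the upper bound, `fr->framesize>MAX_INPUT_FRAMESIZE`, so if framesize is a signed type, a negative value computed from a malformed header would pass it; consider rejecting `fr->framesize < 0` in the same condition. The assignment `fr->framesize = MAX_INPUT_FRAMESIZE;` directly before `return 0;` only matters if a caller ignores the failure return and keeps using the frame, so either drop it or add a comment saying it is a deliberate second line of defence. The check also sits ahead of the `if(!fr->bitrate_index)` free-format branch: if anything from that point on recomputes framesize, the bound has to be re-applied there. A short comment tying the limit to the size of the buffer the frame body is read into would make the intent clear to later maintainers.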
    
    
    Sincerely,
    Benjamin Tober
    



    This archive was generated by hypermail 2b30 : Wed Jan 15 2003 - 11:29:51 PST