From a3ff166a5a99ea97f9037a82f5c2a578348291ac Mon Sep 17 00:00:00 2001
From: Paul Gevers <elbrus@debian.org>
Date: Tue, 2 Jan 2018 06:20:03 +0100
Subject: [PATCH] Only write audio data to a temporariy file in debug builds

This isn't useful in regular builds and is actually a security concern,
although it seems (see discussion in [Bug-Debian]) that this is most likely
only reached during testsuite calls.

CVE-2014-0027

Original patch from Rui Matos <tiagomatos@gmail.com>
Date: Mon, 6 Jan 2014 13:45:00 +0000
Bug-Debian: http://bugs.debian.org/734746
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1048678
Source: https://bugzilla.redhat.com/attachment.cgi?id=846118
---
 src/audio/auserver.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/audio/auserver.c b/src/audio/auserver.c
index 800c27d..cfcad7d 100644
--- a/src/audio/auserver.c
+++ b/src/audio/auserver.c
@@ -67,9 +67,11 @@ static int play_wave_from_socket(snd_header *header,int audiostream)
     int q,i,n,r;
     unsigned char bytes[CST_AUDIOBUFFSIZE];
     short shorts[CST_AUDIOBUFFSIZE];
+#ifdef DEBUG
     cst_file fff;
 
     fff = cst_fopen("/tmp/awb.wav",CST_OPEN_WRITE|CST_OPEN_BINARY);
+#endif
 
     if ((audio_device = audio_open(header->sample_rate,1,
 				   (header->encoding == CST_SND_SHORT) ?
@@ -116,7 +118,9 @@ static int play_wave_from_socket(snd_header *header,int audiostream)
 	for (q=r; q > 0; q-=n)
 	{
 	    n = audio_write(audio_device,shorts,q);
+#ifdef DEBUG
 	    cst_fwrite(fff,shorts,2,q);
+#endif
 	    if (n <= 0)
 	    {
 		audio_close(audio_device);
@@ -125,7 +129,9 @@ static int play_wave_from_socket(snd_header *header,int audiostream)
 	}
     }
     audio_close(audio_device);
+#ifdef DEBUG
     cst_fclose(fff);
+#endif
 
     return CST_OK_FORMAT;
 
-- 
2.24.1