Commit 307dc9e1 authored by Leo's avatar Leo
Browse files

main/screen: fix CVE-2021-26937

See: #12424
parent d66329a5
Pipeline #71597 passed with stages
in 8 minutes and 43 seconds
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=screen
pkgver=4.6.2
pkgrel=1
pkgrel=2
pkgdesc="A window manager that multiplexes a physical terminal"
url="http://ftp.gnu.org/gnu/screen/"
arch="all"
......@@ -16,6 +16,8 @@ source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 4.6.2-r2:
# - CVE-2021-26937
# 4.6.2-r1:
# - CVE-2020-9366
......@@ -43,6 +45,5 @@ package() {
install -Dm644 etc/etcscreenrc "$pkgdir"/etc/screenrc
install -Dm644 etc/screenrc "$pkgdir"/etc/skel/.screenrc
}
sha512sums="224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 screen-4.6.2.tar.gz
a711983119b86527a85464d4f5c8fecd6d481ab5691dd7b1b83c33983594d511ac69a8a67b088906540f8475dba08bda4ba559b2b514ac43535bd668db801fe0 CVE-2020-9366.patch"
Description: [CVE-2021-26937] Fix out of bounds array access
Author: Axel Beckert <abe@debian.org>
Bug-Debian: https://bugs.debian.org/982435
Bug: https://savannah.gnu.org/bugs/?60030
Bug: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
Bug-OSS-Security: https://www.openwall.com/lists/oss-security/2021/02/09/3
Forwarded: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00004.html
--- a/encoding.c
+++ b/encoding.c
@@ -1408,21 +1408,23 @@
}
/* FIXME: delete old char from all buffers */
}
- else if (!combchars[i])
- {
- combchars[i] = (struct combchar *)malloc(sizeof(struct combchar));
- if (!combchars[i])
- return;
- combchars[i]->prev = i;
- combchars[i]->next = i;
- }
- combchars[i]->c1 = c1;
- combchars[i]->c2 = c;
- mc->image = i & 0xff;
- mc->font = (i >> 8) + 0xd8;
- mc->fontx = 0;
- debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
- comb_tofront(root, i);
+ else if (i < sizeof combchars / sizeof *combchars) {
+ if (!combchars[i])
+ {
+ combchars[i] = (struct combchar *)malloc(sizeof(struct combchar));
+ if (!combchars[i])
+ return;
+ combchars[i]->prev = i;
+ combchars[i]->next = i;
+ }
+ combchars[i]->c1 = c1;
+ combchars[i]->c2 = c;
+ mc->image = i & 0xff;
+ mc->font = (i >> 8) + 0xd8;
+ mc->fontx = 0;
+ debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
+ comb_tofront(root, i);
+ }
}
#else /* !UTF8 */
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment