Commit fca0c1b3 authored by Leo's avatar Leo

main/screen: fix CVE-2020-9366

parent 3f5cd043
Pipeline #11757 failed with stages
in 1 minute and 10 seconds
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=screen
pkgver=4.6.2
pkgrel=0
pkgrel=1
pkgdesc="A window manager that multiplexes a physical terminal"
url="http://ftp.gnu.org/gnu/screen/"
arch="all"
......@@ -10,9 +10,15 @@ license="GPL-3.0-or-later"
options="!check" # No test suite.
makedepends="ncurses-dev ncurses"
subpackages="$pkgname-doc"
source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
CVE-2020-9366.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 4.6.2-r1:
# - CVE-2020-9366
build() {
cd "$builddir"
./configure \
......@@ -38,4 +44,5 @@ package() {
install -Dm644 etc/screenrc "$pkgdir"/etc/skel/.screenrc
}
sha512sums="224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 screen-4.6.2.tar.gz"
sha512sums="224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 screen-4.6.2.tar.gz
7cf69866a2c6e18a72b8df90550d12294c95245a39b1c16a5de9eb1dbaf732d1474af7e0f9d42941286911e136e437f8029cd134858c456eaabee6ef6cfce111 CVE-2020-9366.patch"
From 68386dfb1fa33471372a8cd2e74686758a2f527b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>
Date: Thu, 30 Jan 2020 17:56:27 +0100
Subject: Fix out of bounds access when setting w_xtermosc after OSC 49
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
echo -e "\e]49\e; \n\ec"
crashes screen.
This happens because 49 is divided by 10 and used as table index
resulting in access to w_xtermosc[4], which is out of bounds with table
itself being size 4. Increase size of table by 1 to 5, which is enough
for all current uses.
As this overwrites memory based on user input it is potential security
issue.
Reported-by: pippin@gimp.org
Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
---
src/window.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/window.h b/src/window.h
index fbe98dc..11d2a9e 100644
--- a/window.h
+++ b/window.h
@@ -237,7 +237,7 @@ struct win
char w_vbwait;
char w_norefresh; /* dont redisplay when switching to that win */
#ifdef RXVT_OSC
- char w_xtermosc[4][MAXSTR]; /* special xterm/rxvt escapes */
+ char w_xtermosc[5][MAXSTR]; /* special xterm/rxvt escapes */
#endif
int w_mouse; /* mouse mode 0,9,1000 */
int w_extmouse; /* extended mouse mode 0,1006 */
--
cgit v1.2.1
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment