Skip to content

GitLab

aports
aports
Commit fca0c1b3 authored by Leo's avatar Leo
Browse files
Options

main/screen: fix CVE-2020-9366

parent 3f5cd043
Pipeline #11757 failed with stages
      in 1 minute and 10 seconds
      Hide whitespace changes
      Inline Side-by-side
      Showing with 52 additions and 3 deletions
      main/screen/APKBUILD
      View file @ fca0c1b3
      ......@@ -2,7 +2,7 @@
      # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
      pkgname=screen
      pkgver=4.6.2
      pkgrel=0
      pkgrel=1
      pkgdesc="A window manager that multiplexes a physical terminal"
      url="http://ftp.gnu.org/gnu/screen/"
      arch="all"
      ......@@ -10,9 +10,15 @@ license="GPL-3.0-or-later"
      options="!check" # No test suite.
      makedepends="ncurses-dev ncurses"
      subpackages="$pkgname-doc"
      source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
      source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
      CVE-2020-9366.patch
      "
      builddir="$srcdir/$pkgname-$pkgver"
      # secfixes:
      # 4.6.2-r1:
      # - CVE-2020-9366
      build() {
      cd "$builddir"
      ./configure \
      ......@@ -38,4 +44,5 @@ package() {
      install -Dm644 etc/screenrc "$pkgdir"/etc/skel/.screenrc
      }
      sha512sums="224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 screen-4.6.2.tar.gz"
      sha512sums="224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 screen-4.6.2.tar.gz
      7cf69866a2c6e18a72b8df90550d12294c95245a39b1c16a5de9eb1dbaf732d1474af7e0f9d42941286911e136e437f8029cd134858c456eaabee6ef6cfce111 CVE-2020-9366.patch"
      main/screen/CVE-2020-9366.patch 0 → 100644
      View file @ fca0c1b3
      From 68386dfb1fa33471372a8cd2e74686758a2f527b Mon Sep 17 00:00:00 2001
      From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>
      Date: Thu, 30 Jan 2020 17:56:27 +0100
      Subject: Fix out of bounds access when setting w_xtermosc after OSC 49
      MIME-Version: 1.0
      Content-Type: text/plain; charset=UTF-8
      Content-Transfer-Encoding: 8bit
      echo -e "\e]49\e; \n\ec"
      crashes screen.
      This happens because 49 is divided by 10 and used as table index
      resulting in access to w_xtermosc[4], which is out of bounds with table
      itself being size 4. Increase size of table by 1 to 5, which is enough
      for all current uses.
      As this overwrites memory based on user input it is potential security
      issue.
      Reported-by: pippin@gimp.org
      Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
      ---
      src/window.h | 2 +-
      1 file changed, 1 insertion(+), 1 deletion(-)
      diff --git a/src/window.h b/src/window.h
      index fbe98dc..11d2a9e 100644
      --- a/window.h
      +++ b/window.h
      @@ -237,7 +237,7 @@ struct win
      char w_vbwait;
      char w_norefresh; /* dont redisplay when switching to that win */
      #ifdef RXVT_OSC
      - char w_xtermosc[4][MAXSTR]; /* special xterm/rxvt escapes */
      + char w_xtermosc[5][MAXSTR]; /* special xterm/rxvt escapes */
      #endif
      int w_mouse; /* mouse mode 0,9,1000 */
      int w_extmouse; /* extended mouse mode 0,1006 */
      --
      cgit v1.2.1
      Markdown is supported
      0% or .
      You are about to add 0 people to the discussion. Proceed with caution.
      Finish editing this message first!
      Please register or to comment