Skip to content
Snippets Groups Projects
Commit 3aeda345 authored by Ariadne Conill's avatar Ariadne Conill
Browse files

community/libvterm: add mitigation for CVE-2018-20786

parent 5cef9d18
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
community/libvterm/APKBUILD
+ 11
3
View file @ 3aeda345
...@@ -3,16 +3,21 @@ ...@@ -3,16 +3,21 @@
pkgname=libvterm pkgname=libvterm
pkgver=0.1.20190920 pkgver=0.1.20190920
_gitref=fcbccd3c79bfa811800fea24db3a77384941cb70 _gitref=fcbccd3c79bfa811800fea24db3a77384941cb70
pkgrel=0 pkgrel=1
pkgdesc="Abstract library implementation of a VT220/xterm/ECMA-48 terminal emulator" pkgdesc="Abstract library implementation of a VT220/xterm/ECMA-48 terminal emulator"
url="http://www.leonerd.org.uk/code/libvterm/" url="http://www.leonerd.org.uk/code/libvterm/"
arch="all" arch="all"
license="MIT" license="MIT"
makedepends="libtool perl" makedepends="libtool perl"
subpackages="$pkgname-dev" subpackages="$pkgname-dev"
source="$pkgname-$_gitref.tar.gz::https://github.com/neovim/libvterm/archive/$_gitref.tar.gz" source="$pkgname-$_gitref.tar.gz::https://github.com/neovim/libvterm/archive/$_gitref.tar.gz
CVE-2018-20786.patch"
builddir="$srcdir/$pkgname-$_gitref" builddir="$srcdir/$pkgname-$_gitref"
# secfixes:
# 0.1.20190920-r1:
# - CVE-2018-20786
build() { build() {
make PREFIX=/usr make PREFIX=/usr
} }
...@@ -26,4 +31,7 @@ package() { ...@@ -26,4 +31,7 @@ package() {
rm -f "$pkgdir"/usr/lib/*.a rm -f "$pkgdir"/usr/lib/*.a
} }
sha512sums="230cee033cb0242a910c3c78b8744105648abec194477962c7903f5f0ee74f49264b0ea516d0ddd83f047cba426158c40e0472880f49e9e037dd0712dc8a9bee libvterm-fcbccd3c79bfa811800fea24db3a77384941cb70.tar.gz" sha512sums="
230cee033cb0242a910c3c78b8744105648abec194477962c7903f5f0ee74f49264b0ea516d0ddd83f047cba426158c40e0472880f49e9e037dd0712dc8a9bee libvterm-fcbccd3c79bfa811800fea24db3a77384941cb70.tar.gz
7f4b56ddbe5d8cb9abfd6963cdefac48396f9429463c897ccdd9498693267cb2ea7d1f27938686004685c70e1c0a4315b5c47244bd8563412cb63fc557d31301 CVE-2018-20786.patch
"
community/libvterm/CVE-2018-20786.patch 0 → 100644
+ 132
0
View file @ 3aeda345
=== modified file 'src/screen.c'
--- old/src/screen.c 2020-01-06 14:57:05 +0000
+++ new/src/screen.c 2021-07-06 15:00:30 +0000
@@ -659,13 +659,19 @@
.setlineinfo = &setlineinfo,
};
+/*
+ * Allocate a new screen and return it.
+ * Return NULL when out of memory.
+ */
static VTermScreen *screen_new(VTerm *vt)
{
VTermState *state = vterm_obtain_state(vt);
- if(!state)
+ if (state == NULL)
return NULL;
VTermScreen *screen = vterm_allocator_malloc(vt, sizeof(VTermScreen));
+ if (screen == NULL)
+ return NULL;
int rows, cols;
vterm_get_size(vt, &rows, &cols);
@@ -689,6 +695,12 @@
screen->sb_buffer = vterm_allocator_malloc(screen->vt, sizeof(VTermScreenCell) * cols);
+ if (screen->buffer == NULL || screen->sb_buffer == NULL)
+ {
+ vterm_screen_free(screen);
+ return NULL;
+ }
+
vterm_state_set_callbacks(screen->state, &state_cbs, screen);
return screen;
@@ -697,11 +709,8 @@
INTERNAL void vterm_screen_free(VTermScreen *screen)
{
vterm_allocator_free(screen->vt, screen->buffers[BUFIDX_PRIMARY]);
- if(screen->buffers[BUFIDX_ALTSCREEN])
- vterm_allocator_free(screen->vt, screen->buffers[BUFIDX_ALTSCREEN]);
-
+ vterm_allocator_free(screen->vt, screen->buffers[BUFIDX_ALTSCREEN]);
vterm_allocator_free(screen->vt, screen->sb_buffer);
-
vterm_allocator_free(screen->vt, screen);
}
=== modified file 'src/state.c'
--- old/src/state.c 2021-05-11 22:07:17 +0000
+++ new/src/state.c 2021-07-06 14:57:04 +0000
@@ -60,6 +60,8 @@
{
VTermState *state = vterm_allocator_malloc(vt, sizeof(VTermState));
+ if (state == NULL)
+ return NULL;
state->vt = vt;
state->rows = vt->rows;
@@ -1955,12 +1957,18 @@
.resize = on_resize,
};
+/*
+ * Return the existing state or create a new one.
+ * Returns NULL when out of memory.
+ */
VTermState *vterm_obtain_state(VTerm *vt)
{
if(vt->state)
return vt->state;
VTermState *state = vterm_state_new(vt);
+ if (state == NULL)
+ return NULL;
vt->state = state;
vterm_parser_set_callbacks(vt, &parser_callbacks, state);
=== modified file 'src/vterm.c'
--- old/src/vterm.c 2020-01-06 14:57:05 +0000
+++ new/src/vterm.c 2021-07-06 15:03:02 +0000
@@ -37,6 +37,9 @@
/* Need to bootstrap using the allocator function directly */
VTerm *vt = (*funcs->malloc)(sizeof(VTerm), allocdata);
+ if (vt == NULL)
+ return NULL;
+
vt->allocator = funcs;
vt->allocdata = allocdata;
@@ -54,9 +57,19 @@
vt->outbuffer_len = 64;
vt->outbuffer_cur = 0;
vt->outbuffer = vterm_allocator_malloc(vt, vt->outbuffer_len);
+ if (vt->outbuffer == NULL)
+ {
+ vterm_allocator_free(vt, vt);
+ return NULL;
+ }
vt->tmpbuffer_len = 64;
vt->tmpbuffer = vterm_allocator_malloc(vt, vt->tmpbuffer_len);
+ if (vt->tmpbuffer == NULL)
+ {
+ vterm_allocator_free(vt, vt);
+ return NULL;
+ }
return vt;
}
@@ -80,9 +93,13 @@
return (*vt->allocator->malloc)(size, vt->allocdata);
}
+/*
+ * Free "ptr" unless it is NULL.
+ */
INTERNAL void vterm_allocator_free(VTerm *vt, void *ptr)
{
- (*vt->allocator->free)(ptr, vt->allocdata);
+ if (ptr != NULL)
+ (*vt->allocator->free)(ptr, vt->allocdata);
}
void vterm_get_size(const VTerm *vt, int *rowsp, int *colsp)
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment