Commit 51f55010 authored by Kevin Daudt's avatar Kevin Daudt :computer: Committed by Leo

main/screen: use better patch for CVE-2021-26937

The patch from Debian causes screen to stop properly processing
combining characters once all slots have been exhausted.
parent 4cb95b13
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=screen pkgname=screen
pkgver=4.8.0 pkgver=4.8.0
pkgrel=4 pkgrel=5
pkgdesc="Window manager that multiplexes a physical terminal" pkgdesc="Window manager that multiplexes a physical terminal"
url="https://www.gnu.org/software/screen/" url="https://www.gnu.org/software/screen/"
arch="all" arch="all"
...@@ -50,4 +50,4 @@ package() { ...@@ -50,4 +50,4 @@ package() {
sha512sums="770ebaf6ee9be711bcb8a6104b3294f2bf4523dae6683fdc5eac4b3aff7e511be2d922b6b2ad28ec241113c2e4fe0d80f9a482ae1658adc19c8c3a3680caa25c screen-4.8.0.tar.gz sha512sums="770ebaf6ee9be711bcb8a6104b3294f2bf4523dae6683fdc5eac4b3aff7e511be2d922b6b2ad28ec241113c2e4fe0d80f9a482ae1658adc19c8c3a3680caa25c screen-4.8.0.tar.gz
82aca3e16c8cd7a3029d3b589ff2dd3471708d6287979ebb5cfdaedbd1f3012c0cd660b131e0cbe142b99786e49ef8b24c63159523d870e95ccf71ec94b82634 utmpx.patch 82aca3e16c8cd7a3029d3b589ff2dd3471708d6287979ebb5cfdaedbd1f3012c0cd660b131e0cbe142b99786e49ef8b24c63159523d870e95ccf71ec94b82634 utmpx.patch
1c9fec7b971d1674c8be9b0b540d33bb977d63b1bffe3d38fb0d23a75dd5137eac482b9388f4a0affe15717a7814c3913f0c2290876e50ac20bc5cff82c0606d CVE-2021-26937.patch" 21f296fa558ef5cdde378fcd8d47cf780f99702c3f798387f611260f29700397591f1757d1d3197a12650a4042af74176753e69bc19997c2bbfbb02b413a50a5 CVE-2021-26937.patch"
Description: [CVE-2021-26937] Fix out of bounds array access Source: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010.html
Author: Axel Beckert <abe@debian.org> diff --git a/encoding.c b/encoding.c
Bug-Debian: https://bugs.debian.org/982435 index e5db3e7..79f5d14 100644
Bug: https://savannah.gnu.org/bugs/?60030
Bug: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
Bug-OSS-Security: https://www.openwall.com/lists/oss-security/2021/02/09/3
Forwarded: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00004.html
--- a/encoding.c --- a/encoding.c
+++ b/encoding.c +++ b/encoding.c
@@ -1408,21 +1408,23 @@ @@ -43,7 +43,7 @@ static int encmatch __P((char *, char *));
} # ifdef UTF8
/* FIXME: delete old char from all buffers */ static int recode_char __P((int, int, int));
} static int recode_char_to_encoding __P((int, int));
- else if (!combchars[i]) -static void comb_tofront __P((int, int));
- { +static void comb_tofront __P((int));
- combchars[i] = (struct combchar *)malloc(sizeof(struct combchar)); # ifdef DW_CHARS
- if (!combchars[i]) static int recode_char_dw __P((int, int *, int, int));
- return; static int recode_char_dw_to_encoding __P((int, int *, int));
- combchars[i]->prev = i; @@ -1263,6 +1263,8 @@ int c;
- combchars[i]->next = i; {0x30000, 0x3FFFD},
- } };
- combchars[i]->c1 = c1;
- combchars[i]->c2 = c; + if (c >= 0xdf00 && c <= 0xdfff)
- mc->image = i & 0xff; + return 1; /* dw combining sequence */
- mc->font = (i >> 8) + 0xd8; return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval) - 1)) ||
- mc->fontx = 0; (cjkwidth &&
- debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800); bisearch(c, ambiguous,
@@ -1330,11 +1332,12 @@ int c;
}
static void
-comb_tofront(root, i)
-int root, i;
+comb_tofront(i)
+int i;
{
for (;;)
{
+ int root = i >= 0x700 ? 0x801 : 0x800;
debug1("bring to front: %x\n", i);
combchars[combchars[i]->prev]->next = combchars[i]->next;
combchars[combchars[i]->next]->prev = combchars[i]->prev;
@@ -1396,9 +1399,9 @@ struct mchar *mc;
{
/* full, recycle old entry */
if (c1 >= 0xd800 && c1 < 0xe000)
- comb_tofront(root, c1 - 0xd800);
+ comb_tofront(c1 - 0xd800);
i = combchars[root]->prev;
- if (c1 == i + 0xd800)
+ if (i == 0x800 || i == 0x801 || c1 == i + 0xd800)
{
/* completely full, can't recycle */
debug("utf8_handle_comp: completely full!\n");
@@ -1422,7 +1425,7 @@ struct mchar *mc;
mc->font = (i >> 8) + 0xd8;
mc->fontx = 0;
debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
- comb_tofront(root, i); - comb_tofront(root, i);
+ else if (i < sizeof combchars / sizeof *combchars) { + comb_tofront(i);
+ if (!combchars[i])
+ {
+ combchars[i] = (struct combchar *)malloc(sizeof(struct combchar));
+ if (!combchars[i])
+ return;
+ combchars[i]->prev = i;
+ combchars[i]->next = i;
+ }
+ combchars[i]->c1 = c1;
+ combchars[i]->c2 = c;
+ mc->image = i & 0xff;
+ mc->font = (i >> 8) + 0xd8;
+ mc->fontx = 0;
+ debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
+ comb_tofront(root, i);
+ }
} }
#else /* !UTF8 */ #else /* !UTF8 */
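Review bot: The replacement CVE-2021-26937.patch header carries only the `Source:` line, so the file no longer states what it fixes or links the bug reports that the previous header listed. Since the code below the header should stay identical to the upstream posting, the explanation belongs in the header, for example `Description: [CVE-2021-26937] Fix out of bounds array access (upstream variant)` together with the existing `Bug: https://savannah.gnu.org/bugs/?60030` line. It would also help to record there that the new guard `if (i == 0x800 || i == 0x801 || c1 == i + 0xd800)` appears to treat the two list-root indices (the values `comb_tofront` now derives with `i >= 0x700 ? 0x801 : 0x800`) as the "completely full" case rather than as a recyclable slot. The functions these hunks touch begin and end outside the visible context, so this reading should be confirmed against the full encoding.c.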