Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Rings:0-Bootstrap
ncurses
ncurses-5.9-bsc1046853_1046858.dif
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ncurses-5.9-bsc1046853_1046858.dif of Package ncurses
Based on patch 20170701 for ncurses 6.0 Fixes for CVE-2017-10684 and CVE-2017-10685 --- ncurses/tinfo/alloc_entry.c | 6 +++++- ncurses/tinfo/parse_entry.c | 22 ++++++++++++---------- progs/dump_entry.c | 30 +++++++++++++++++++----------- 3 files changed, 36 insertions(+), 22 deletions(-) --- ncurses/tinfo/alloc_entry.c +++ ncurses/tinfo/alloc_entry.c 2017-07-03 07:33:48.632335860 +0000 @@ -96,7 +96,11 @@ _nc_save_str(const char *const string) { char *result = 0; size_t old_next_free = next_free; - size_t len = strlen(string) + 1; + size_t len; + + if (string == 0) + return _nc_save_str(""); + len = strlen(string) + 1; if (len == 1 && next_free != 0) { /* --- ncurses/tinfo/parse_entry.c +++ ncurses/tinfo/parse_entry.c 2017-07-03 07:38:49.494834364 +0000 @@ -236,13 +236,14 @@ _nc_parse_entry(struct entry *entryp, in * implemented it. Note that the resulting terminal type was never the * 2-character name, but was instead the first alias after that. */ +#define ok_TC2(s) (isgraph(UChar(s)) && (s) != '|') ptr = _nc_curr_token.tk_name; if (_nc_syntax == SYN_TERMCAP #if NCURSES_XNAMES && !_nc_user_definable #endif ) { - if (ptr[2] == '|') { + if (ok_TC2(ptr[0]) && ok_TC2(ptr[1]) && ptr[2] == '|') { ptr += 3; _nc_curr_token.tk_name[2] = '\0'; } @@ -284,9 +285,11 @@ _nc_parse_entry(struct entry *entryp, in if (is_use || is_tc) { entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring); entryp->uses[entryp->nuses].line = _nc_curr_line; - entryp->nuses++; - if (entryp->nuses > 1 && is_tc) { - BAD_TC_USAGE + if (VALID_STRING(entryp->uses[entryp->nuses].name)) { + entryp->nuses++; + if (entryp->nuses > 1 && is_tc) { + BAD_TC_USAGE + } } } else { /* normal token lookup */ @@ -571,7 +574,7 @@ append_acs0(string_desc * dst, int code, static void append_acs(string_desc * dst, int code, char *src) { - if (src != 0 && strlen(src) == 1) { + if (VALID_STRING(src) && strlen(src) == 1) { append_acs0(dst, code, *src); } } @@ -829,15 +832,14 @@ postprocess_termcap(TERMTYPE *tp, bool h } if (tp->Strings[to_ptr->nte_index]) { + const char *s = tp->Strings[from_ptr->nte_index]; + const char *t = tp->Strings[to_ptr->nte_index]; /* There's no point in warning about it if it's the same * string; that's just an inefficiency. */ - if (strcmp( - tp->Strings[from_ptr->nte_index], - tp->Strings[to_ptr->nte_index]) != 0) + if (VALID_STRING(s) && VALID_STRING(t) && strcmp(s, t) != 0) _nc_warning("%s (%s) already has an explicit value %s, ignoring ko", - ap->to, ap->from, - _nc_visbuf(tp->Strings[to_ptr->nte_index])); + ap->to, ap->from, t); continue; } --- progs/dump_entry.c +++ progs/dump_entry.c 2017-07-03 07:49:22.131096596 +0000 @@ -609,9 +609,10 @@ fmt_entry(TERMTYPE *tterm, PredIdx num_strings = 0; bool outcount = 0; -#define WRAP_CONCAT \ - wrap_concat(buffer); \ - outcount = TRUE +#define WRAP_CONCAT1(s) wrap_concat(s); outcount = TRUE +#define WRAP_CONCAT2(a,b) wrap_concat(a); WRAP_CONCAT1(b) +#define WRAP_CONCAT3(a,b,c) wrap_concat(a); WRAP_CONCAT2(b,c) +#define WRAP_CONCAT WRAP_CONCAT1(buffer) len = 12; /* terminfo file-header */ @@ -802,13 +803,21 @@ fmt_entry(TERMTYPE *tterm, _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer)) "%s=!!! %s WILL NOT CONVERT !!!", name, srccap); + WRAP_CONCAT; } else if (suppress_untranslatable) { continue; } else { char *s = srccap, *d = buffer; - _nc_SPRINTF(d, _nc_SLIMIT(sizeof(buffer)) "..%s=", name); - d += strlen(d); + WRAP_CONCAT3("..", name, "="); while ((*d = *s++) != 0) { + if ((d - buffer - 1) >= (int) sizeof(buffer)) { + fprintf(stderr, + "%s: value for %s is too long\n", + _nc_progname, + name); + *d = '\0'; + break; + } if (*d == ':') { *d++ = '\\'; *d = ':'; @@ -817,13 +826,12 @@ fmt_entry(TERMTYPE *tterm, } d++; } + WRAP_CONCAT; } } else { - _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer)) - "%s=%s", name, cv); + WRAP_CONCAT3(name, "=", cv); } len += (int) strlen(capability) + 1; - WRAP_CONCAT; } else { char *src = _nc_tic_expand(capability, outform == F_TERMINFO, numbers); @@ -839,8 +847,7 @@ fmt_entry(TERMTYPE *tterm, strcpy_DYN(&tmpbuf, src); } len += (int) strlen(capability) + 1; - wrap_concat(tmpbuf.text); - outcount = TRUE; + WRAP_CONCAT1(tmpbuf.text); } } /* e.g., trimmed_sgr0 */ @@ -1203,7 +1210,8 @@ dump_entry(TERMTYPE *tterm, } if (len > critlen) { (void) fprintf(stderr, - "warning: %s entry is %d bytes long\n", + "%s: %s entry is %d bytes long\n", + _nc_progname, _nc_first_name(tterm->term_names), len); SHOW_WHY("# WARNING: this entry, %d bytes long, may core-dump %s libraries!\n",
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor