mirror of
https://git.yoctoproject.org/poky
synced 2026-04-22 15:32:14 +02:00
screen: fix CVE-2020-9366
(From OE-Core rev: 6d79a4d7545bc78ac759e575f6d15d7b23fad638) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Anuj Mittal
committed by
Richard Purdie
Richard Purdie
parent
02299147d9
commit
bf506f4eba
48
meta/recipes-extended/screen/screen/CVE-2020-9366.patch
Normal file
48
meta/recipes-extended/screen/screen/CVE-2020-9366.patch
Normal file
@@ -0,0 +1,48 @@
|
||||
From 8ce90c1d3d5bece150479d8bc9303fd9d9f45e03 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>
|
||||
Date: Thu, 30 Jan 2020 17:56:27 +0100
|
||||
Subject: [PATCH] Fix out of bounds access when setting w_xtermosc after OSC 49
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
echo -e "\e]49\e; \n\ec"
|
||||
crashes screen.
|
||||
|
||||
This happens because 49 is divided by 10 and used as table index
|
||||
resulting in access to w_xtermosc[4], which is out of bounds with table
|
||||
itself being size 4. Increase size of table by 1 to 5, which is enough
|
||||
for all current uses.
|
||||
|
||||
As this overwrites memory based on user input it is potential security
|
||||
issue.
|
||||
|
||||
Reported-by: pippin@gimp.org
|
||||
Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
|
||||
|
||||
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?h=v.4.8.0&id=68386dfb1fa33471372a8cd2e74686758a2f527b]
|
||||
CVE: CVE-2020-9366
|
||||
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
||||
|
||||
---
|
||||
window.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/window.h b/window.h
|
||||
index bd10dcd..a8afa19 100644
|
||||
--- a/window.h
|
||||
+++ b/window.h
|
||||
@@ -237,7 +237,7 @@ struct win
|
||||
char w_vbwait;
|
||||
char w_norefresh; /* dont redisplay when switching to that win */
|
||||
#ifdef RXVT_OSC
|
||||
- char w_xtermosc[4][MAXSTR]; /* special xterm/rxvt escapes */
|
||||
+ char w_xtermosc[5][MAXSTR]; /* special xterm/rxvt escapes */
|
||||
#endif
|
||||
int w_mouse; /* mouse mode 0,9,1000 */
|
||||
#ifdef HAVE_BRAILLE
|
||||
@@ -25,6 +25,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
|
||||
file://0001-fix-for-multijob-build.patch \
|
||||
file://0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch \
|
||||
file://0001-Remove-more-compatibility-stuff.patch \
|
||||
file://CVE-2020-9366.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "a0f529d3333b128dfaa324d978ba73a8"
|
||||
|
||||
Reference in New Issue
Block a user