mirror of
https://git.yoctoproject.org/poky
synced 2026-03-12 02:09:39 +01:00
7103a733a1
Pick relevant part of snapshot commit 20250329, see [1]. That has: add a buffer-limit check in postprocess_termcap (report/testcase by Yifan Zhang). [1] https://invisible-island.net/ncurses/NEWS.html#index-t20250329 (From OE-Core rev: 8d09a78a79d7f4b4ae9654bdcdf5f33dab9a8b95) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
26 lines
1.0 KiB
Diff
26 lines
1.0 KiB
Diff
From 27d1493340d714e7be6e08c0a8f43e48276149c4 Mon Sep 17 00:00:00 2001
|
|
From: "Thomas E. Dickey" <dickey@invisible-island.net>
|
|
Date: Sat, 29 Mar 2025 22:52:37 +0000
|
|
Subject: [PATCH] snapshot of project "ncurses", label v6_5_20250329
|
|
|
|
CVE: CVE-2025-6141
|
|
Upstream-Status: Backport [https://github.com/ThomasDickey/ncurses-snapshots/commit/27d1493340d714e7be6e08c0a8f43e48276149c4]
|
|
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
|
---
|
|
ncurses/tinfo/parse_entry.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
|
|
index a2278c07..c551c780 100644
|
|
--- a/ncurses/tinfo/parse_entry.c
|
|
+++ b/ncurses/tinfo/parse_entry.c
|
|
@@ -954,6 +954,8 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base)
|
|
bp = tp->Strings[from_ptr->nte_index];
|
|
if (VALID_STRING(bp)) {
|
|
for (dp = buf2; *bp; bp++) {
|
|
+ if ((size_t) (dp - buf2) >= (sizeof(buf2) - sizeof(TERMTYPE2)))
|
|
+ break;
|
|
if (bp[0] == '$' && bp[1] == '<') {
|
|
while (*bp && *bp != '>') {
|
|
++bp;
|