summaryrefslogtreecommitdiff
path: root/data/ncurses/CVE-2019-17594.diff
diff options
context:
space:
mode:
Diffstat (limited to 'data/ncurses/CVE-2019-17594.diff')
-rw-r--r--data/ncurses/CVE-2019-17594.diff37
1 files changed, 37 insertions, 0 deletions
diff --git a/data/ncurses/CVE-2019-17594.diff b/data/ncurses/CVE-2019-17594.diff
new file mode 100644
index 000000000..7ab8e9e1b
--- /dev/null
+++ b/data/ncurses/CVE-2019-17594.diff
@@ -0,0 +1,37 @@
+Author: Sven Joachim <svenjoac@gmx.de>
+Description: Fix for CVE-2019-17594
+ Check for invalid hashcode in _nc_find_type_entry and nc_find_entry,
+ fix cherry-picked from upstream patchlevel 20191012.
+Bug-Debian: https://bugs.debian.org/942401
+Bug: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html
+Forwarded: not-needed
+Last-Update: 2019-11-02
+
+---
+ ncurses/tinfo/comp_hash.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/ncurses/tinfo/comp_hash.c
++++ b/ncurses/tinfo/comp_hash.c
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
+
+ hashvalue = data->hash_of(string);
+
+- if (data->table_data[hashvalue] >= 0) {
++ if (hashvalue >= 0
++ && (unsigned) hashvalue < data->table_size
++ && data->table_data[hashvalue] >= 0) {
+
+ real_table = _nc_get_table(termcap);
+ ptr = real_table + data->table_data[hashvalue];
+@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
+ const HashData *data = _nc_get_hash_info(termcap);
+ int hashvalue = data->hash_of(string);
+
+- if (data->table_data[hashvalue] >= 0) {
++ if (hashvalue >= 0
++ && (unsigned) hashvalue < data->table_size
++ && data->table_data[hashvalue] >= 0) {
+ const struct name_table_entry *const table = _nc_get_table(termcap);
+
+ ptr = table + data->table_data[hashvalue];