Diffstat (limited to 'data/ncurses/CVE-2019-17594.diff')
-rw-r--r-- | data/ncurses/CVE-2019-17594.diff | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/data/ncurses/CVE-2019-17594.diff b/data/ncurses/CVE-2019-17594.diff
new file mode 100644
index 000000000..7ab8e9e1b
--- /dev/null
+++ b/data/ncurses/CVE-2019-17594.diff
@@ -0,0 +1,37 @@
+Author: Sven Joachim <svenjoac@gmx.de>
+Description: Fix for CVE-2019-17594
+ Check for invalid hashcode in _nc_find_type_entry and nc_find_entry,
+ fix cherry-picked from upstream patchlevel 20191012.
+Bug-Debian: https://bugs.debian.org/942401
+Bug: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html
+Forwarded: not-needed
+Last-Update: 2019-11-02
+
+---
+ ncurses/tinfo/comp_hash.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/ncurses/tinfo/comp_hash.c
++++ b/ncurses/tinfo/comp_hash.c
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
+
+ hashvalue = data->hash_of(string);
+
+- if (data->table_data[hashvalue] >= 0) {
++ if (hashvalue >= 0
++ && (unsigned) hashvalue < data->table_size
++ && data->table_data[hashvalue] >= 0) {
+
+ real_table = _nc_get_table(termcap);
+ ptr = real_table + data->table_data[hashvalue];
+@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
+ const HashData *data = _nc_get_hash_info(termcap);
+ int hashvalue = data->hash_of(string);
+
+- if (data->table_data[hashvalue] >= 0) {
++ if (hashvalue >= 0
++ && (unsigned) hashvalue < data->table_size
++ && data->table_data[hashvalue] >= 0) {
+ const struct name_table_entry *const table = _nc_get_table(termcap);
+
+ ptr = table + data->table_data[hashvalue]; |
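Review bot: The embedded patch header names `nc_find_entry`, but the inner hunk header at `@@ -63,7 +63,9 @@` shows the patched function is `_nc_find_entry`; the Description line would be easier to find by symbol search if it read `Check for invalid hashcode in _nc_find_type_entry and _nc_find_entry,`. The same three-line guard is added in both inner hunks with no explanation in the code, and a one-line comment above each `if`, such as `/* hash_of() result indexes table_data[]; reject anything outside [0, table_size) */`, would keep a later cleanup from dropping the range check. Only `hashvalue` is validated here; the offset read from `data->table_data[hashvalue]` is still added to the table pointer unchecked, which is presumably safe because the tables are compiled in, but that is worth confirming. Both function bodies continue outside the hunks, so the value returned when the guard fails is not visible and should be checked to be the not-found result.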