diff options
Diffstat (limited to 'data/ncurses/CVE-2019-17595.diff')
| -rw-r--r-- | data/ncurses/CVE-2019-17595.diff | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/data/ncurses/CVE-2019-17595.diff b/data/ncurses/CVE-2019-17595.diff new file mode 100644 index 000000000..661a40f0e --- /dev/null +++ b/data/ncurses/CVE-2019-17595.diff @@ -0,0 +1,36 @@ +Author: Sven Joachim <svenjoac@gmx.de> +Description: Fix for CVE-2019-17595 + Fix for CVE-2019-17595 cherry-picked from upstream patchlevel + 20191012. Additionally to the CVE fix, this contains a check for + acsc with odd length in dump_entry in check for one-one mapping. +Bug-Debian: https://bugs.debian.org/942401 +Bug: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html +Bug: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00018.html +Forwarded: not-needed +Last-Update: 2019-11-02 + +--- + progs/dump_entry.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/progs/dump_entry.c ++++ b/progs/dump_entry.c +@@ -1110,7 +1110,8 @@ fmt_entry(TERMTYPE2 *tterm, + *d++ = '\\'; + *d = ':'; + } else if (*d == '\\') { +- *++d = *s++; ++ if ((*++d = *s++) == '\0') ++ break; + } + d++; + *d = '\0'; +@@ -1370,7 +1371,7 @@ one_one_mapping(const char *mapping) + + if (VALID_STRING(mapping)) { + int n = 0; +- while (mapping[n] != '\0') { ++ while (mapping[n] != '\0' && mapping[n + 1] != '\0') { + if (isLine(mapping[n]) && + mapping[n] != mapping[n + 1]) { + result = FALSE; |