blob: 661a40f0e646f5d7e759cb03b155e847297adf39 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
Author: Sven Joachim <svenjoac@gmx.de>
Description: Fix for CVE-2019-17595
Fix for CVE-2019-17595 cherry-picked from upstream patchlevel
20191012. Additionally to the CVE fix, this contains a check for
acsc with odd length in dump_entry in check for one-one mapping.
Bug-Debian: https://bugs.debian.org/942401
Bug: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
Bug: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00018.html
Forwarded: not-needed
Last-Update: 2019-11-02
---
progs/dump_entry.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/progs/dump_entry.c
+++ b/progs/dump_entry.c
@@ -1110,7 +1110,8 @@ fmt_entry(TERMTYPE2 *tterm,
*d++ = '\\';
*d = ':';
} else if (*d == '\\') {
- *++d = *s++;
+ if ((*++d = *s++) == '\0')
+ break;
}
d++;
*d = '\0';
@@ -1370,7 +1371,7 @@ one_one_mapping(const char *mapping)
if (VALID_STRING(mapping)) {
int n = 0;
- while (mapping[n] != '\0') {
+ while (mapping[n] != '\0' && mapping[n + 1] != '\0') {
if (isLine(mapping[n]) &&
mapping[n] != mapping[n + 1]) {
result = FALSE;
|
