ncurses/CVE-2019-17594.patch

From e414438ddee26bcb081881d035dc9e247ddba0c3 Mon Sep 17 00:00:00 2001
Date: Wed, 16 Oct 2019 11:01:37 +0800
Subject: [PATCH] ncurses: fix CVE-2019-17594

reason:fix CVE-2019-17594
check for invalid hashcode in _nc_find_entry

CVE-2019-17594 reference:
http://invisible-mirror.net/archives/ncurses/6.1/ncurses-6.1-20191012.patch.gz
---
 ncurses/tinfo/comp_hash.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
index 959c6e1..4183f68 100644
--- a/ncurses/tinfo/comp_hash.c
+++ b/ncurses/tinfo/comp_hash.c
@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
 
     hashvalue = data->hash_of(string);
 
-    if (data->table_data[hashvalue] >= 0) {
+    if (hashvalue >= 0
+	&& (unsigned) hashvalue < data->table_size
+	&& data->table_data[hashvalue] >= 0) {
 
 	real_table = _nc_get_table(termcap);
 	ptr = real_table + data->table_data[hashvalue];
@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
     const HashData *data = _nc_get_hash_info(termcap);
     int hashvalue = data->hash_of(string);
 
-    if (data->table_data[hashvalue] >= 0) {
+    if (hashvalue >= 0
+	&& (unsigned) hashvalue < data->table_size
+	&& data->table_data[hashvalue] >= 0) {
 	const struct name_table_entry *const table = _nc_get_table(termcap);
 
 	ptr = table + data->table_data[hashvalue];
Package init 2019-12-25 15:58:50 +08:00			`From e414438ddee26bcb081881d035dc9e247ddba0c3 Mon Sep 17 00:00:00 2001`
			`Date: Wed, 16 Oct 2019 11:01:37 +0800`
			`Subject: [PATCH] ncurses: fix CVE-2019-17594`

			`reason:fix CVE-2019-17594`
			`check for invalid hashcode in _nc_find_entry`

			`CVE-2019-17594 reference:`
			`http://invisible-mirror.net/archives/ncurses/6.1/ncurses-6.1-20191012.patch.gz`
			`---`
			`ncurses/tinfo/comp_hash.c \| 10 +++++++---`
			`1 file changed, 7 insertions(+), 3 deletions(-)`

			`diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c`
			`index 959c6e1..4183f68 100644`
			`--- a/ncurses/tinfo/comp_hash.c`
			`+++ b/ncurses/tinfo/comp_hash.c`
			`@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,`

			`hashvalue = data->hash_of(string);`

			`- if (data->table_data[hashvalue] >= 0) {`
			`+ if (hashvalue >= 0`
			`+ && (unsigned) hashvalue < data->table_size`
			`+ && data->table_data[hashvalue] >= 0) {`

			`real_table = _nc_get_table(termcap);`
			`ptr = real_table + data->table_data[hashvalue];`
			`@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,`
			`const HashData *data = _nc_get_hash_info(termcap);`
			`int hashvalue = data->hash_of(string);`

			`- if (data->table_data[hashvalue] >= 0) {`
			`+ if (hashvalue >= 0`
			`+ && (unsigned) hashvalue < data->table_size`
			`+ && data->table_data[hashvalue] >= 0) {`
			`const struct name_table_entry *const table = _nc_get_table(termcap);`

			`ptr = table + data->table_data[hashvalue];`