packages/ncurses
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ncurses/CVE-2019-17595.patch

38 lines
1.0 KiB
Diff
Raw Normal View History

Package init
2019-12-25 15:58:50 +08:00
From 07d64f8350b0c0f04ef7f3a43349c188acb4ddd8 Mon Sep 17 00:00:00 2001
Date: Wed, 16 Oct 2019 11:20:17 +0800
Subject: [PATCH] ncurses: fix CVE-2019-17595
reason: fix CVE-2019-17595
check for missing character after backslash in fmt_entry
CVE-2019-17595 reference:
http://invisible-mirror.net/archives/ncurses/6.1/ncurses-6.1-20191012.patch.g
z
---
progs/dump_entry.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/progs/dump_entry.c b/progs/dump_entry.c
index 3b1fcb1..67ff5f4 100644
--- a/progs/dump_entry.c
+++ b/progs/dump_entry.c
@@ -1110,7 +1110,8 @@ fmt_entry(TERMTYPE2 *tterm,
*d++ = '\\';
*d = ':';
} else if (*d == '\\') {
- *++d = *s++;
+ if ((*++d = *s++) == '\0')
+ break;
}
d++;
*d = '\0';
@@ -1370,7 +1371,7 @@ one_one_mapping(const char *mapping)
if (VALID_STRING(mapping)) {
int n = 0;
- while (mapping[n] != '\0') {
+ while (mapping[n] != '\0' && mapping[n + 1] != '\0') {
if (isLine(mapping[n]) &&
mapping[n] != mapping[n + 1]) {
result = FALSE;
Reference in New Issue Copy Permalink