Date: Tue, 8 Sep 2015 16:46:06 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r396411 - in branches/2015Q3/sysutils/screen: . files Message-ID: <201509081646.t88Gk6Nb085561@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Tue Sep 8 16:46:05 2015 New Revision: 396411 URL: https://svnweb.freebsd.org/changeset/ports/396411 Log: MFH: r396408 Add patch to resolve stack overflow vulnerability Security: 98092444-5645-11e5-9ad8-14dae9d210b8 Security: CVE-2015-6806 Approved by: ports-secteam (with hat) Added: branches/2015Q3/sysutils/screen/files/patch-CVE-2015-6806 - copied unchanged from r396408, head/sysutils/screen/files/patch-CVE-2015-6806 Modified: branches/2015Q3/sysutils/screen/Makefile Directory Properties: branches/2015Q3/ (props changed) Modified: branches/2015Q3/sysutils/screen/Makefile ============================================================================== --- branches/2015Q3/sysutils/screen/Makefile Tue Sep 8 16:45:00 2015 (r396410) +++ branches/2015Q3/sysutils/screen/Makefile Tue Sep 8 16:46:05 2015 (r396411) @@ -3,7 +3,7 @@ PORTNAME= screen PORTVERSION= 4.3.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= sysutils MASTER_SITES= http://ftp.gnu.org/gnu/screen/ \ ftp://ftp.gnu.org/gnu/screen/ \ Copied: branches/2015Q3/sysutils/screen/files/patch-CVE-2015-6806 (from r396408, head/sysutils/screen/files/patch-CVE-2015-6806) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2015Q3/sysutils/screen/files/patch-CVE-2015-6806 Tue Sep 8 16:46:05 2015 (r396411, copy of r396408, head/sysutils/screen/files/patch-CVE-2015-6806) @@ -0,0 +1,55 @@ +From b7484c224738247b510ed0d268cd577076958f1b Mon Sep 17 00:00:00 2001 +From: Kuang-che Wu <kcwu@csie.org> +Date: Mon, 31 Aug 2015 17:49:57 +0000 +Subject: Fix stack overflow due to too deep recursion + +Bug: 45713 + +How to reproduce: +Run this command inside screen +$ printf '\x1b[10000000T' + +screen will recursively call MScrollV to depth n/256. This is time consuming and will overflow stack if n is huge. +--- +diff --git a/src/ansi.c b/src/ansi.c +index a342fb1..152d2ef 100644 +--- ansi.c ++++ ansi.c +@@ -2502,13 +2502,13 @@ int n, ys, ye, bce; + return; + if (n > 0) + { ++ if (ye - ys + 1 < n) ++ n = ye - ys + 1; + if (n > 256) + { + MScrollV(p, n - 256, ys, ye, bce); + n = 256; + } +- if (ye - ys + 1 < n) +- n = ye - ys + 1; + #ifdef COPY_PASTE + if (compacthist) + { +@@ -2562,14 +2562,14 @@ int n, ys, ye, bce; + } + else + { +- if (n < -256) +- { +- MScrollV(p, n + 256, ys, ye, bce); +- n = -256; +- } + n = -n; + if (ye - ys + 1 < n) + n = ye - ys + 1; ++ if (n > 256) ++ { ++ MScrollV(p, - (n - 256), ys, ye, bce); ++ n = 256; ++ } + + ml = p->w_mlines + ye; + /* Clear lines */ +-- +cgit v0.9.0.2
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201509081646.t88Gk6Nb085561>