path: root/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch

From 064b77f173337aa790f1cec0d741bfbc61a33d31 Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <trevor.gamblin@windriver.com>
Date: Fri, 18 Oct 2019 09:57:43 -0400
Subject: [PATCH] ncurses: selective backport of 20191012 patch

Upstream-Status: Backport [https://salsa.debian.org/debian/ncurses/commit/243908b1e3d81]

Contents of the upstream patch that are not applied to comp_hash.c, 
parse_entry.c, or dump_entry.c have been omitted.

CVE: CVE-2019-17594
CVE: CVE-2019-17595

Signed-off-by: Trevor Gamblin  <trevor.gamblin@windriver.com>

---
 ncurses/tinfo/comp_hash.c   | 14 ++++++++++----
 ncurses/tinfo/parse_entry.c | 32 ++++++++++++++++----------------
 progs/dump_entry.c          |  7 ++++---
 3 files changed, 30 insertions(+), 23 deletions(-)

diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
index 21f165ca..a62d38f9 100644
--- a/ncurses/tinfo/comp_hash.c
+++ b/ncurses/tinfo/comp_hash.c
@@ -44,7 +44,7 @@
 #include <tic.h>
 #include <hashsize.h>
 
-MODULE_ID("$Id: comp_hash.c,v 1.49 2019/03/10 00:06:48 tom Exp $")
+MODULE_ID("$Id: comp_hash.c,v 1.51 2019/10/12 16:32:13 tom Exp $")
 
 /*
  * Finds the entry for the given string in the hash table if present.
@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
 
     hashvalue = data->hash_of(string);
 
-    if (data->table_data[hashvalue] >= 0) {
+    if (hashvalue >= 0
+	&& (unsigned) hashvalue < data->table_size
+	&& data->table_data[hashvalue] >= 0) {
 
 	real_table = _nc_get_table(termcap);
 	ptr = real_table + data->table_data[hashvalue];
@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
     const HashData *data = _nc_get_hash_info(termcap);
     int hashvalue = data->hash_of(string);
 
-    if (data->table_data[hashvalue] >= 0) {
+    if (hashvalue >= 0
+	&& (unsigned) hashvalue < data->table_size
+	&& data->table_data[hashvalue] >= 0) {
 	const struct name_table_entry *const table = _nc_get_table(termcap);
 
 	ptr = table + data->table_data[hashvalue];
@@ -124,7 +128,9 @@ _nc_find_user_entry(const char *string)
 
     hashvalue = data->hash_of(string);
 
-    if (data->table_data[hashvalue] >= 0) {
+    if (hashvalue >= 0
+	&& (unsigned) hashvalue < data->table_size
+	&& data->table_data[hashvalue] >= 0) {
 
 	real_table = _nc_get_userdefs_table();
 	ptr = real_table + data->table_data[hashvalue];
diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
index f8cca8b5..064376c5 100644
--- a/ncurses/tinfo/parse_entry.c
+++ b/ncurses/tinfo/parse_entry.c
@@ -47,7 +47,7 @@
 #include <ctype.h>
 #include <tic.h>
 
-MODULE_ID("$Id: parse_entry.c,v 1.97 2019/08/03 23:10:38 tom Exp $")
+MODULE_ID("$Id: parse_entry.c,v 1.98 2019/10/12 00:50:31 tom Exp $")
 
 #ifdef LINT
 static short const parametrized[] =
@@ -654,12 +654,12 @@ _nc_capcmp(const char *s, const char *t)
 }
 
 static void
-append_acs0(string_desc * dst, int code, int src)
+append_acs0(string_desc * dst, int code, char *src, size_t off)
 {
-    if (src != 0) {
+    if (src != 0 && off < strlen(src)) {
 	char temp[3];
 	temp[0] = (char) code;
-	temp[1] = (char) src;
+	temp[1] = src[off];
 	temp[2] = 0;
 	_nc_safe_strcat(dst, temp);
     }
@@ -669,7 +669,7 @@ static void
 append_acs(string_desc * dst, int code, char *src)
 {
     if (VALID_STRING(src) && strlen(src) == 1) {
-	append_acs0(dst, code, *src);
+	append_acs0(dst, code, src, 0);
     }
 }
 
@@ -1038,17 +1038,17 @@ postprocess_terminfo(TERMTYPE2 *tp)
 	_nc_str_init(&result, buf2, sizeof(buf2));
 	_nc_safe_strcat(&result, acs_chars);
 
-	append_acs0(&result, 'l', box_chars_1[0]);	/* ACS_ULCORNER */
-	append_acs0(&result, 'q', box_chars_1[1]);	/* ACS_HLINE */
-	append_acs0(&result, 'k', box_chars_1[2]);	/* ACS_URCORNER */
-	append_acs0(&result, 'x', box_chars_1[3]);	/* ACS_VLINE */
-	append_acs0(&result, 'j', box_chars_1[4]);	/* ACS_LRCORNER */
-	append_acs0(&result, 'm', box_chars_1[5]);	/* ACS_LLCORNER */
-	append_acs0(&result, 'w', box_chars_1[6]);	/* ACS_TTEE */
-	append_acs0(&result, 'u', box_chars_1[7]);	/* ACS_RTEE */
-	append_acs0(&result, 'v', box_chars_1[8]);	/* ACS_BTEE */
-	append_acs0(&result, 't', box_chars_1[9]);	/* ACS_LTEE */
-	append_acs0(&result, 'n', box_chars_1[10]);	/* ACS_PLUS */
+	append_acs0(&result, 'l', box_chars_1, 0);	/* ACS_ULCORNER */
+	append_acs0(&result, 'q', box_chars_1, 1);	/* ACS_HLINE */
+	append_acs0(&result, 'k', box_chars_1, 2);	/* ACS_URCORNER */
+	append_acs0(&result, 'x', box_chars_1, 3);	/* ACS_VLINE */
+	append_acs0(&result, 'j', box_chars_1, 4);	/* ACS_LRCORNER */
+	append_acs0(&result, 'm', box_chars_1, 5);	/* ACS_LLCORNER */
+	append_acs0(&result, 'w', box_chars_1, 6);	/* ACS_TTEE */
+	append_acs0(&result, 'u', box_chars_1, 7);	/* ACS_RTEE */
+	append_acs0(&result, 'v', box_chars_1, 8);	/* ACS_BTEE */
+	append_acs0(&result, 't', box_chars_1, 9);	/* ACS_LTEE */
+	append_acs0(&result, 'n', box_chars_1, 10);	/* ACS_PLUS */
 
 	if (buf2[0]) {
 	    acs_chars = _nc_save_str(buf2);
diff --git a/progs/dump_entry.c b/progs/dump_entry.c
index d0e420ec..8a47084a 100644
--- a/progs/dump_entry.c
+++ b/progs/dump_entry.c
@@ -39,7 +39,7 @@
 #include "termsort.c"		/* this C file is generated */
 #include <parametrized.h>	/* so is this */
 
-MODULE_ID("$Id: dump_entry.c,v 1.173 2019/05/11 21:02:24 tom Exp $")
+MODULE_ID("$Id: dump_entry.c,v 1.175 2019/10/12 15:59:07 tom Exp $")
 
 #define DISCARD(string) string = ABSENT_STRING
 #define PRINTF (void) printf
@@ -1136,7 +1136,8 @@ fmt_entry(TERMTYPE2 *tterm,
 				*d++ = '\\';
 				*d = ':';
 			    } else if (*d == '\\') {
-				*++d = *s++;
+				if ((*++d = *s++) == '\0')
+				    break;
 			    }
 			    d++;
 			    *d = '\0';
@@ -1396,7 +1397,7 @@ one_one_mapping(const char *mapping)
 
     if (VALID_STRING(mapping)) {
 	int n = 0;
-	while (mapping[n] != '\0') {
+	while (mapping[n] != '\0' && mapping[n + 1] != '\0') {
 	    if (isLine(mapping[n]) &&
 		mapping[n] != mapping[n + 1]) {
 		result = FALSE;
-- 
2.17.1