aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMaxin B. John <maxin.john@intel.com>2015-10-07 05:53:38 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-10-12 14:33:42 +0100
commit0f2dbfd939ed2d9f2cbbed4d1522e77c4d1672b2 (patch)
tree7862c1f452ecc7259b22e851f48d1cbf4115979f
parenteb8bed1a5eb9690462f8724c5b00a5d7044eba4c (diff)
downloadopenembedded-core-contrib-0f2dbfd939ed2d9f2cbbed4d1522e77c4d1672b2.tar.gz
screen: fix CVE-2015-6806
Backport a patch to fix CVE-2015-6806 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat
-rw-r--r--meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch57
-rw-r--r--meta/recipes-extended/screen/screen_4.3.1.bb1
2 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
new file mode 100644
index 0000000000..2bc9a59bea
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
@@ -0,0 +1,57 @@
+Bug: 45713
+
+How to reproduce:
+Run this command inside screen
+$ printf '\x1b[10000000T'
+
+screen will recursively call MScrollV to depth n/256.
+This is time consuming and will overflow stack if n is huge.
+
+Fixes CVE-2015-6806
+
+Upstream-Status: Backport
+
+Signed-off-by: Kuang-che Wu <kcwu@csie.org>
+Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+diff -Naur screen-4.3.1-orig/ansi.c screen-4.3.1/ansi.c
+--- screen-4.3.1-orig/ansi.c 2015-06-29 00:22:55.000000000 +0300
++++ screen-4.3.1/ansi.c 2015-10-06 13:13:58.297648039 +0300
+@@ -2502,13 +2502,13 @@
+ return;
+ if (n > 0)
+ {
++ if (ye - ys + 1 < n)
++ n = ye - ys + 1;
+ if (n > 256)
+ {
+ MScrollV(p, n - 256, ys, ye, bce);
+ n = 256;
+ }
+- if (ye - ys + 1 < n)
+- n = ye - ys + 1;
+ #ifdef COPY_PASTE
+ if (compacthist)
+ {
+@@ -2562,15 +2562,15 @@
+ }
+ else
+ {
+- if (n < -256)
+- {
+- MScrollV(p, n + 256, ys, ye, bce);
+- n = -256;
+- }
+ n = -n;
+ if (ye - ys + 1 < n)
+ n = ye - ys + 1;
+
++ if (n > 256)
++ {
++ MScrollV(p, - (n - 256), ys, ye, bce);
++ n = 256;
++ }
+ ml = p->w_mlines + ye;
+ /* Clear lines */
+ for (i = ye; i > ye - n; i--, ml--)
diff --git a/meta/recipes-extended/screen/screen_4.3.1.bb b/meta/recipes-extended/screen/screen_4.3.1.bb
index 92457af171..00d878b2c1 100644
--- a/meta/recipes-extended/screen/screen_4.3.1.bb
+++ b/meta/recipes-extended/screen/screen_4.3.1.bb
@@ -24,6 +24,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
file://Avoid-mis-identifying-systems-as-SVR4.patch \
file://0001-fix-for-multijob-build.patch \
file://0002-comm.h-now-depends-on-term.h.patch \
+ file://0001-Fix-stack-overflow-due-to-too-deep-recursion.patch \
"
SRC_URI[md5sum] = "5bb3b0ff2674e29378c31ad3411170ad"
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-19 21:20:21 +0000