ncurses: Fix CVE-2023-50495

Backport a patch [1] to fix CVE-2023-50495. [1] http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=7723dd6799ab10b32047ec73b14df9f107bafe99 (From OE-Core rev: bdae54177308b338bd7c75437ae4943e9da8c8ab) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Mingli Yu <mingli.yu@windriver.com> 2024-04-10 13:29:38 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-04-22 22:05:57 +0100
commit: 52000c8758a5c3dd1d2c0027771d1cd231ae9e27 (patch)
tree: df2c46f0c7fe106a74f77b6f76253d2111d78da0
parent: 3126159fe4e98edb8bba2dcd8ad4d7a7001502da (diff)
download: poky-52000c8758a5c3dd1d2c0027771d1cd231ae9e27.tar.gz
2 files changed, 302 insertions, 0 deletions
diff --git a/meta/recipes-core/ncurses/files/CVE-2023-50495.patch b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch
new file mode 100644
index 0000000000..7d90ddd30f
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch
@@ -0,0 +1,301 @@
+From 7daae3f2139a678fe0ae0b42fcf8d807cbff485c Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Sun, 4 Feb 2024 13:42:38 +0800
+Subject: [PATCH] parse_entry.c: check return value of _nc_save_str
+* check return value of _nc_save_str(), in special case for tic where
+extended capabilities are processed but the terminal description was
+not initialized (report by Ziqiao Kong).
+* regenerate llib-* files.
+CVE: CVE-2023-50495
+Upstream-Status: Backport [http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=7723dd6799ab10b32047ec73b14df9f107bafe99]
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ ncurses/llib-lncurses       | 15 +++++++++++++++
+ ncurses/llib-lncursest      | 15 +++++++++++++++
+ ncurses/llib-lncursestw     | 15 +++++++++++++++
+ ncurses/llib-lncursesw      | 15 +++++++++++++++
+ ncurses/llib-ltinfo         | 15 +++++++++++++++
+ ncurses/llib-ltinfot        | 15 +++++++++++++++
+ ncurses/llib-ltinfotw       | 15 +++++++++++++++
+ ncurses/llib-ltinfow        | 15 +++++++++++++++
+ ncurses/tinfo/parse_entry.c | 23 ++++++++++++++++-------
+ 9 files changed, 136 insertions(+), 7 deletions(-)
+diff --git a/ncurses/llib-lncurses b/ncurses/llib-lncurses
+index 211cf3b7..e4190aa2 100644
+--- a/ncurses/llib-lncurses
+++ b/ncurses/llib-lncurses
+@@ -3656,6 +3656,21 @@ char     *tiparm(
+                ...)
+                { return(*(char **)0); }
+ 
+#undef tiparm_s
+char   *tiparm_s(
+               int     num_expected,
+               int     tparm_type,
+               const char *string,
+               ...)
+               { return(*(char **)0); }
+
+#undef tiscan_s
+int    tiscan_s(
+               int     *num_expected,
+               int     *tparm_type,
+               const char *string)
+               { return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char   *_nc_tiparm(
+                int     expected,
+diff --git a/ncurses/llib-lncursest b/ncurses/llib-lncursest
+index 1b09d676..e07abba6 100644
+--- a/ncurses/llib-lncursest
+++ b/ncurses/llib-lncursest
+@@ -3741,6 +3741,21 @@ char     *tiparm(
+                ...)
+                { return(*(char **)0); }
+ 
+#undef tiparm_s
+char   *tiparm_s(
+               int     num_expected,
+               int     tparm_type,
+               const char *string,
+               ...)
+               { return(*(char **)0); }
+
+#undef tiscan_s
+int    tiscan_s(
+               int     *num_expected,
+               int     *tparm_type,
+               const char *string)
+               { return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char   *_nc_tiparm(
+                int     expected,
+diff --git a/ncurses/llib-lncursestw b/ncurses/llib-lncursestw
+index 4576e0fc..747c6be8 100644
+--- a/ncurses/llib-lncursestw
+++ b/ncurses/llib-lncursestw
+@@ -4702,6 +4702,21 @@ char     *tiparm(
+                ...)
+                { return(*(char **)0); }
+ 
+#undef tiparm_s
+char   *tiparm_s(
+               int     num_expected,
+               int     tparm_type,
+               const char *string,
+               ...)
+               { return(*(char **)0); }
+
+#undef tiscan_s
+int    tiscan_s(
+               int     *num_expected,
+               int     *tparm_type,
+               const char *string)
+               { return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char   *_nc_tiparm(
+                int     expected,
+diff --git a/ncurses/llib-lncursesw b/ncurses/llib-lncursesw
+index 127350d2..862305d9 100644
+--- a/ncurses/llib-lncursesw
+++ b/ncurses/llib-lncursesw
+@@ -4617,6 +4617,21 @@ char     *tiparm(
+                ...)
+                { return(*(char **)0); }
+ 
+#undef tiparm_s
+char   *tiparm_s(
+               int     num_expected,
+               int     tparm_type,
+               const char *string,
+               ...)
+               { return(*(char **)0); }
+
+#undef tiscan_s
+int    tiscan_s(
+               int     *num_expected,
+               int     *tparm_type,
+               const char *string)
+               { return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char   *_nc_tiparm(
+                int     expected,
+diff --git a/ncurses/llib-ltinfo b/ncurses/llib-ltinfo
+index a5cd7cd3..31e5e9a6 100644
+--- a/ncurses/llib-ltinfo
+++ b/ncurses/llib-ltinfo
+@@ -927,6 +927,21 @@ char       *tiparm(
+                ...)
+                { return(*(char **)0); }
+ 
+#undef tiparm_s
+char   *tiparm_s(
+               int     num_expected,
+               int     tparm_type,
+               const char *string,
+               ...)
+               { return(*(char **)0); }
+
+#undef tiscan_s
+int    tiscan_s(
+               int     *num_expected,
+               int     *tparm_type,
+               const char *string)
+               { return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char   *_nc_tiparm(
+                int     expected,
+diff --git a/ncurses/llib-ltinfot b/ncurses/llib-ltinfot
+index bd3de812..48e5c25a 100644
+--- a/ncurses/llib-ltinfot
+++ b/ncurses/llib-ltinfot
+@@ -1003,6 +1003,21 @@ char     *tiparm(
+                ...)
+                { return(*(char **)0); }
+ 
+#undef tiparm_s
+char   *tiparm_s(
+               int     num_expected,
+               int     tparm_type,
+               const char *string,
+               ...)
+               { return(*(char **)0); }
+
+#undef tiscan_s
+int    tiscan_s(
+               int     *num_expected,
+               int     *tparm_type,
+               const char *string)
+               { return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char   *_nc_tiparm(
+                int     expected,
+diff --git a/ncurses/llib-ltinfotw b/ncurses/llib-ltinfotw
+index 4d35a1e1..64dfdfa5 100644
+--- a/ncurses/llib-ltinfotw
+++ b/ncurses/llib-ltinfotw
+@@ -1025,6 +1025,21 @@ char     *tiparm(
+                ...)
+                { return(*(char **)0); }
+ 
+#undef tiparm_s
+char   *tiparm_s(
+               int     num_expected,
+               int     tparm_type,
+               const char *string,
+               ...)
+               { return(*(char **)0); }
+
+#undef tiscan_s
+int    tiscan_s(
+               int     *num_expected,
+               int     *tparm_type,
+               const char *string)
+               { return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char   *_nc_tiparm(
+                int     expected,
+diff --git a/ncurses/llib-ltinfow b/ncurses/llib-ltinfow
+index db846764..7e17a35f 100644
+--- a/ncurses/llib-ltinfow
+++ b/ncurses/llib-ltinfow
+@@ -949,6 +949,21 @@ char       *tiparm(
+                ...)
+                { return(*(char **)0); }
+ 
+#undef tiparm_s
+char   *tiparm_s(
+               int     num_expected,
+               int     tparm_type,
+               const char *string,
+               ...)
+               { return(*(char **)0); }
+
+#undef tiscan_s
+int    tiscan_s(
+               int     *num_expected,
+               int     *tparm_type,
+               const char *string)
+               { return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char   *_nc_tiparm(
+                int     expected,
+diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
+index 14bcb67e..0a0b5637 100644
+--- a/ncurses/tinfo/parse_entry.c
+++ b/ncurses/tinfo/parse_entry.c
+@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+        /* Well, we are given a cancel for a name that we don't recognize */
+        return _nc_extend_names(entryp, name, STRING);
+     default:
+-       return 0;
+       return NULL;
+     }
+ 
+     /* Adjust the 'offset' (insertion-point) to keep the lists of extended
+@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+        for (last = (unsigned) (max - 1); last > tindex; last--)
+ 
+     if (!found) {
+       char *saved;
+
+       if ((saved = _nc_save_str(name)) == NULL)
+           return NULL;
+
+        switch (token_type) {
+        case BOOLEAN:
+            tp->ext_Booleans++;
+@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+        TYPE_REALLOC(char *, actual, tp->ext_Names);
+        while (--actual > offset)
+            tp->ext_Names[actual] = tp->ext_Names[actual - 1];
+-       tp->ext_Names[offset] = _nc_save_str(name);
+       tp->ext_Names[offset] = saved;
+     }
+ 
+     temp.nte_name = tp->ext_Names[offset];
+@@ -364,6 +369,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
+        bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0);
+        bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0);
+        if (is_use || is_tc) {
+           char *saved;
+
+            if (!VALID_STRING(_nc_curr_token.tk_valstring)
+                || _nc_curr_token.tk_valstring[0] == '\0') {
+                _nc_warning("missing name for use-clause");
+@@ -377,11 +384,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
+                            _nc_curr_token.tk_valstring);
+                continue;
+            }
+-           entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
+-           entryp->uses[entryp->nuses].line = _nc_curr_line;
+-           entryp->nuses++;
+-           if (entryp->nuses > 1 && is_tc) {
+-               BAD_TC_USAGE
+           if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) {
+                       entryp->uses[entryp->nuses].name = saved;
+                       entryp->uses[entryp->nuses].line = _nc_curr_line;
+                       entryp->nuses++;
+                       if (entryp->nuses > 1 && is_tc) {
+                           BAD_TC_USAGE
+                   }
+            }
+        } else {
+            /* normal token lookup */
+-- 
+2.25.1
diff --git a/meta/recipes-core/ncurses/ncurses_6.4.bb b/meta/recipes-core/ncurses/ncurses_6.4.bb
index 2c621525f9..31f18bbadc 100644
--- a/meta/recipes-core/ncurses/ncurses_6.4.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.4.bb
@@ -6,6 +6,7 @@ SRC_URI += "file://0001-tic-hang.patch \
           file://exit_prototype.patch \
           file://0001-Fix-CVE-2023-29491.patch \
           file://0001-Updating-reset-code-ncurses-6.4-patch-20231104.patch \
+           file://CVE-2023-50495.patch \
           "
 # commit id corresponds to the revision in package version
 SRCREV = "79b9071f2be20a24c7be031655a5638f6032f29f"
author	Mingli Yu <mingli.yu@windriver.com>	2024-04-10 13:29:38 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-04-22 22:05:57 +0100
commit	52000c8758a5c3dd1d2c0027771d1cd231ae9e27 (patch)
tree	df2c46f0c7fe106a74f77b6f76253d2111d78da0
parent	3126159fe4e98edb8bba2dcd8ad4d7a7001502da (diff)
download	poky-52000c8758a5c3dd1d2c0027771d1cd231ae9e27.tar.gz

diff --git a/meta/recipes-core/ncurses/files/CVE-2023-50495.patch b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch new file mode 100644 index 0000000000..7d90ddd30f --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch
@@ -0,0 +1,301 @@
		1	From 7daae3f2139a678fe0ae0b42fcf8d807cbff485c Mon Sep 17 00:00:00 2001
		2	From: Mingli Yu <mingli.yu@windriver.com>
		3	Date: Sun, 4 Feb 2024 13:42:38 +0800
		4	Subject: [PATCH] parse_entry.c: check return value of _nc_save_str
		5
		6	* check return value of _nc_save_str(), in special case for tic where
		7	extended capabilities are processed but the terminal description was
		8	not initialized (report by Ziqiao Kong).
		9
		10	* regenerate llib-* files.
		11
		12	CVE: CVE-2023-50495
		13
		14	Upstream-Status: Backport [http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=7723dd6799ab10b32047ec73b14df9f107bafe99]
		15
		16	Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
		17	---
		18	ncurses/llib-lncurses \| 15 +++++++++++++++
		19	ncurses/llib-lncursest \| 15 +++++++++++++++
		20	ncurses/llib-lncursestw \| 15 +++++++++++++++
		21	ncurses/llib-lncursesw \| 15 +++++++++++++++
		22	ncurses/llib-ltinfo \| 15 +++++++++++++++
		23	ncurses/llib-ltinfot \| 15 +++++++++++++++
		24	ncurses/llib-ltinfotw \| 15 +++++++++++++++
		25	ncurses/llib-ltinfow \| 15 +++++++++++++++
		26	ncurses/tinfo/parse_entry.c \| 23 ++++++++++++++++-------
		27	9 files changed, 136 insertions(+), 7 deletions(-)
		28
		29	diff --git a/ncurses/llib-lncurses b/ncurses/llib-lncurses
		30	index 211cf3b7..e4190aa2 100644
		31	--- a/ncurses/llib-lncurses
		32	+++ b/ncurses/llib-lncurses
		33	@@ -3656,6 +3656,21 @@ char *tiparm(
		34	...)
		35	{ return((char *)0); }
		36
		37	+#undef tiparm_s
		38	+char *tiparm_s(
		39	+ int num_expected,
		40	+ int tparm_type,
		41	+ const char *string,
		42	+ ...)
		43	+ { return((char *)0); }
		44	+
		45	+#undef tiscan_s
		46	+int tiscan_s(
		47	+ int *num_expected,
		48	+ int *tparm_type,
		49	+ const char *string)
		50	+ { return((int )0); }
		51	+
		52	#undef _nc_tiparm
		53	char *_nc_tiparm(
		54	int expected,
		55	diff --git a/ncurses/llib-lncursest b/ncurses/llib-lncursest
		56	index 1b09d676..e07abba6 100644
		57	--- a/ncurses/llib-lncursest
		58	+++ b/ncurses/llib-lncursest
		59	@@ -3741,6 +3741,21 @@ char *tiparm(
		60	...)
		61	{ return((char *)0); }
		62
		63	+#undef tiparm_s
		64	+char *tiparm_s(
		65	+ int num_expected,
		66	+ int tparm_type,
		67	+ const char *string,
		68	+ ...)
		69	+ { return((char *)0); }
		70	+
		71	+#undef tiscan_s
		72	+int tiscan_s(
		73	+ int *num_expected,
		74	+ int *tparm_type,
		75	+ const char *string)
		76	+ { return((int )0); }
		77	+
		78	#undef _nc_tiparm
		79	char *_nc_tiparm(
		80	int expected,
		81	diff --git a/ncurses/llib-lncursestw b/ncurses/llib-lncursestw
		82	index 4576e0fc..747c6be8 100644
		83	--- a/ncurses/llib-lncursestw
		84	+++ b/ncurses/llib-lncursestw
		85	@@ -4702,6 +4702,21 @@ char *tiparm(
		86	...)
		87	{ return((char *)0); }
		88
		89	+#undef tiparm_s
		90	+char *tiparm_s(
		91	+ int num_expected,
		92	+ int tparm_type,
		93	+ const char *string,
		94	+ ...)
		95	+ { return((char *)0); }
		96	+
		97	+#undef tiscan_s
		98	+int tiscan_s(
		99	+ int *num_expected,
		100	+ int *tparm_type,
		101	+ const char *string)
		102	+ { return((int )0); }
		103	+
		104	#undef _nc_tiparm
		105	char *_nc_tiparm(
		106	int expected,
		107	diff --git a/ncurses/llib-lncursesw b/ncurses/llib-lncursesw
		108	index 127350d2..862305d9 100644
		109	--- a/ncurses/llib-lncursesw
		110	+++ b/ncurses/llib-lncursesw
		111	@@ -4617,6 +4617,21 @@ char *tiparm(
		112	...)
		113	{ return((char *)0); }
		114
		115	+#undef tiparm_s
		116	+char *tiparm_s(
		117	+ int num_expected,
		118	+ int tparm_type,
		119	+ const char *string,
		120	+ ...)
		121	+ { return((char *)0); }
		122	+
		123	+#undef tiscan_s
		124	+int tiscan_s(
		125	+ int *num_expected,
		126	+ int *tparm_type,
		127	+ const char *string)
		128	+ { return((int )0); }
		129	+
		130	#undef _nc_tiparm
		131	char *_nc_tiparm(
		132	int expected,
		133	diff --git a/ncurses/llib-ltinfo b/ncurses/llib-ltinfo
		134	index a5cd7cd3..31e5e9a6 100644
		135	--- a/ncurses/llib-ltinfo
		136	+++ b/ncurses/llib-ltinfo
		137	@@ -927,6 +927,21 @@ char *tiparm(
		138	...)
		139	{ return((char *)0); }
		140
		141	+#undef tiparm_s
		142	+char *tiparm_s(
		143	+ int num_expected,
		144	+ int tparm_type,
		145	+ const char *string,
		146	+ ...)
		147	+ { return((char *)0); }
		148	+
		149	+#undef tiscan_s
		150	+int tiscan_s(
		151	+ int *num_expected,
		152	+ int *tparm_type,
		153	+ const char *string)
		154	+ { return((int )0); }
		155	+
		156	#undef _nc_tiparm
		157	char *_nc_tiparm(
		158	int expected,
		159	diff --git a/ncurses/llib-ltinfot b/ncurses/llib-ltinfot
		160	index bd3de812..48e5c25a 100644
		161	--- a/ncurses/llib-ltinfot
		162	+++ b/ncurses/llib-ltinfot
		163	@@ -1003,6 +1003,21 @@ char *tiparm(
		164	...)
		165	{ return((char *)0); }
		166
		167	+#undef tiparm_s
		168	+char *tiparm_s(
		169	+ int num_expected,
		170	+ int tparm_type,
		171	+ const char *string,
		172	+ ...)
		173	+ { return((char *)0); }
		174	+
		175	+#undef tiscan_s
		176	+int tiscan_s(
		177	+ int *num_expected,
		178	+ int *tparm_type,
		179	+ const char *string)
		180	+ { return((int )0); }
		181	+
		182	#undef _nc_tiparm
		183	char *_nc_tiparm(
		184	int expected,
		185	diff --git a/ncurses/llib-ltinfotw b/ncurses/llib-ltinfotw
		186	index 4d35a1e1..64dfdfa5 100644
		187	--- a/ncurses/llib-ltinfotw
		188	+++ b/ncurses/llib-ltinfotw
		189	@@ -1025,6 +1025,21 @@ char *tiparm(
		190	...)
		191	{ return((char *)0); }
		192
		193	+#undef tiparm_s
		194	+char *tiparm_s(
		195	+ int num_expected,
		196	+ int tparm_type,
		197	+ const char *string,
		198	+ ...)
		199	+ { return((char *)0); }
		200	+
		201	+#undef tiscan_s
		202	+int tiscan_s(
		203	+ int *num_expected,
		204	+ int *tparm_type,
		205	+ const char *string)
		206	+ { return((int )0); }
		207	+
		208	#undef _nc_tiparm
		209	char *_nc_tiparm(
		210	int expected,
		211	diff --git a/ncurses/llib-ltinfow b/ncurses/llib-ltinfow
		212	index db846764..7e17a35f 100644
		213	--- a/ncurses/llib-ltinfow
		214	+++ b/ncurses/llib-ltinfow
		215	@@ -949,6 +949,21 @@ char *tiparm(
		216	...)
		217	{ return((char *)0); }
		218
		219	+#undef tiparm_s
		220	+char *tiparm_s(
		221	+ int num_expected,
		222	+ int tparm_type,
		223	+ const char *string,
		224	+ ...)
		225	+ { return((char *)0); }
		226	+
		227	+#undef tiscan_s
		228	+int tiscan_s(
		229	+ int *num_expected,
		230	+ int *tparm_type,
		231	+ const char *string)
		232	+ { return((int )0); }
		233	+
		234	#undef _nc_tiparm
		235	char *_nc_tiparm(
		236	int expected,
		237	diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
		238	index 14bcb67e..0a0b5637 100644
		239	--- a/ncurses/tinfo/parse_entry.c
		240	+++ b/ncurses/tinfo/parse_entry.c
		241	@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
		242	/* Well, we are given a cancel for a name that we don't recognize */
		243	return _nc_extend_names(entryp, name, STRING);
		244	default:
		245	- return 0;
		246	+ return NULL;
		247	}
		248
		249	/* Adjust the 'offset' (insertion-point) to keep the lists of extended
		250	@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
		251	for (last = (unsigned) (max - 1); last > tindex; last--)
		252
		253	if (!found) {
		254	+ char *saved;
		255	+
		256	+ if ((saved = _nc_save_str(name)) == NULL)
		257	+ return NULL;
		258	+
		259	switch (token_type) {
		260	case BOOLEAN:
		261	tp->ext_Booleans++;
		262	@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
		263	TYPE_REALLOC(char *, actual, tp->ext_Names);
		264	while (--actual > offset)
		265	tp->ext_Names[actual] = tp->ext_Names[actual - 1];
		266	- tp->ext_Names[offset] = _nc_save_str(name);
		267	+ tp->ext_Names[offset] = saved;
		268	}
		269
		270	temp.nte_name = tp->ext_Names[offset];
		271	@@ -364,6 +369,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
		272	bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0);
		273	bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0);
		274	if (is_use \|\| is_tc) {
		275	+ char *saved;
		276	+
		277	if (!VALID_STRING(_nc_curr_token.tk_valstring)
		278	\|\| _nc_curr_token.tk_valstring[0] == '\0') {
		279	_nc_warning("missing name for use-clause");
		280	@@ -377,11 +384,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
		281	_nc_curr_token.tk_valstring);
		282	continue;
		283	}
		284	- entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
		285	- entryp->uses[entryp->nuses].line = _nc_curr_line;
		286	- entryp->nuses++;
		287	- if (entryp->nuses > 1 && is_tc) {
		288	- BAD_TC_USAGE
		289	+ if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) {
		290	+ entryp->uses[entryp->nuses].name = saved;
		291	+ entryp->uses[entryp->nuses].line = _nc_curr_line;
		292	+ entryp->nuses++;
		293	+ if (entryp->nuses > 1 && is_tc) {
		294	+ BAD_TC_USAGE
		295	+ }
		296	}
		297	} else {
		298	/* normal token lookup */
		299	--
		300	2.25.1
		301


diff --git a/meta/recipes-core/ncurses/ncurses_6.4.bb b/meta/recipes-core/ncurses/ncurses_6.4.bb index 2c621525f9..31f18bbadc 100644 --- a/meta/recipes-core/ncurses/ncurses_6.4.bb +++ b/meta/recipes-core/ncurses/ncurses_6.4.bb
@@ -6,6 +6,7 @@ SRC_URI += "file://0001-tic-hang.patch \
6	file://exit_prototype.patch \	6	file://exit_prototype.patch \
7	file://0001-Fix-CVE-2023-29491.patch \	7	file://0001-Fix-CVE-2023-29491.patch \
8	file://0001-Updating-reset-code-ncurses-6.4-patch-20231104.patch \	8	file://0001-Updating-reset-code-ncurses-6.4-patch-20231104.patch \
		9	file://CVE-2023-50495.patch \
9	"	10	"
10	# commit id corresponds to the revision in package version	11	# commit id corresponds to the revision in package version
11	SRCREV = "79b9071f2be20a24c7be031655a5638f6032f29f"	12	SRCREV = "79b9071f2be20a24c7be031655a5638f6032f29f"