author | Maxin B. John <maxin.john@intel.com> | 2015-10-07 05:53:38 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-10-12 14:36:28 +0100 |
commit | 8d5878b35f254957aea839a3c0ce1ef7acb32027 (patch) | |
tree | c7379c21cf80ccd15d7a9eb7df75f68b4baac4af /meta | |
parent | acdc2db899307b9a0fdbf1bc672964bb83fd58fc (diff) | |
screen: fix CVE-2015-6806
Backport a patch to fix CVE-2015-6806
(From OE-Core rev: 0f2dbfd939ed2d9f2cbbed4d1522e77c4d1672b2)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch | 57 | ||||
-rw-r--r-- | meta/recipes-extended/screen/screen_4.3.1.bb | 1 |
2 files changed, 58 insertions, 0 deletions
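--- /dev/null
+++ b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
@@ -0,0 +1,57 @@
+Bug: 45713
+
+How to reproduce:
+Run this command inside screen
+$ printf '\x1b[10000000T'
+
+screen will recursively call MScrollV to depth n/256.
+This is time consuming and will overflow stack if n is huge.
+
+Fixes CVE-2015-6806
+
+Upstream-Status: Backport
+
+Signed-off-by: Kuang-che Wu <kcwu@csie.org>
+Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+diff -Naur screen-4.3.1-orig/ansi.c screen-4.3.1/ansi.c
+--- screen-4.3.1-orig/ansi.c 2015-06-29 00:22:55.000000000 +0300
++++ screen-4.3.1/ansi.c 2015-10-06 13:13:58.297648039 +0300
+@@ -2502,13 +2502,13 @@
+return;
+if (n > 0)
+{
++ if (ye - ys + 1 < n)
++ n = ye - ys + 1;
+if (n > 256)
+{
+MScrollV(p, n - 256, ys, ye, bce);
+n = 256;
+}
+- if (ye - ys + 1 < n)
+- n = ye - ys + 1;
+#ifdef COPY_PASTE
+if (compacthist)
+{
+@@ -2562,15 +2562,15 @@
+}
+else
+{
+- if (n < -256)
+- {
+- MScrollV(p, n + 256, ys, ye, bce);
+- n = -256;
+- }
+n = -n;
+if (ye - ys + 1 < n)
+n = ye - ys + 1;
+
++ if (n > 256)
++ {
++ MScrollV(p, - (n - 256), ys, ye, bce);
++ n = 256;
++ }
+ml = p->w_mlines + ye;
+/* Clear lines */
+for (i = ye; i > ye - n; i--, ml--)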
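Review bot: In the `else` branch of the ansi.c change, `n = -n;` now runs before any bound is applied, so an `n` of `INT_MIN` would be signed-overflow undefined behaviour; the removed code capped n at -256 before negating. Clamping while n is still negative keeps the negation safe, for example `if (n < -(ye - ys + 1)) n = -(ye - ys + 1);` placed ahead of `n = -n;`, assuming `ye >= ys` holds here, which the hunk does not show. Whether the escape-sequence parser can actually deliver such a value is not visible on this page, and MScrollV's body starts and ends outside both hunks. Separately, the `Upstream-Status: Backport` line names no upstream commit or URL, which makes the backport harder to audit against its origin; `Upstream-Status: Backport [<upstream commit URL>]` would record it.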
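--- a/meta/recipes-extended/screen/screen_4.3.1.bb
+++ b/meta/recipes-extended/screen/screen_4.3.1.bb
@@ -24,6 +24,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
 file://Avoid-mis-identifying-systems-as-SVR4.patch \
 file://0001-fix-for-multijob-build.patch \
 file://0002-comm.h-now-depends-on-term.h.patch \
+file://0001-Fix-stack-overflow-due-to-too-deep-recursion.patch \
 "
 
 SRC_URI[md5sum] = "5bb3b0ff2674e29378c31ad3411170ad"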