authorTatsuya Kinoshita <tats@debian.org>2016-11-21 14:13:24 +0000
committerTatsuya Kinoshita <tats@debian.org>2016-11-21 14:13:24 +0000
commit0bb260bf7479e25554843744932b065793f74ad6 (patch)
tree0f258584cbb715e9bc046442eb523687fcdf7eb6
parentNew patch 909_button-type.patch to fix rodata write [CVE-2016-9437] (diff)
downloadw3m-0bb260bf7479e25554843744932b065793f74ad6.tar.gz
w3m-0bb260bf7479e25554843744932b065793f74ad6.zip
New patch 910_input-alt.patch to fix null deref [CVE-2016-9438]
-rw-r--r--debian/patches/910_input-alt.patch22
-rw-r--r--debian/patches/series1
2 files changed, 23 insertions, 0 deletions
diff --git a/debian/patches/910_input-alt.patch b/debian/patches/910_input-alt.patch
new file mode 100644
index 0000000..57c3e6b
--- /dev/null
+++ b/debian/patches/910_input-alt.patch
@@ -0,0 +1,22 @@
+Author: Tatsuya Kinoshita <tats@debian.org>
+Subject: Prevent segfault with malformed input_alt
+Bug-Debian: https://github.com/tats/w3m/issues/18 [CVE-2016-9438]
+Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=010b68580dc50ce183df11cc79721936ab5c4f25
+
+diff --git a/file.c b/file.c
+index 3b7befe..68d625c 100644
+--- a/file.c
++++ b/file.c
+@@ -3021,9 +3021,9 @@ flushline(struct html_feed_environ *h_env, struct readbuffer *obuf, int indent,
+ tmp = Sprintf("<INPUT_ALT hseq=\"%d\" fid=\"%d\" name=\"%s\" type=\"%s\" value=\"%s\">",
+ obuf->input_alt.hseq,
+ obuf->input_alt.fid,
+- obuf->input_alt.name->ptr,
+- obuf->input_alt.type->ptr,
+- obuf->input_alt.value->ptr);
++ obuf->input_alt.name ? obuf->input_alt.name->ptr : "",
++ obuf->input_alt.type ? obuf->input_alt.type->ptr : "",
++ obuf->input_alt.value ? obuf->input_alt.value->ptr : "");
+ push_tag(obuf, tmp->ptr, HTML_INPUT_ALT);
+ }
+ if (!hidden_bold && obuf->in_bold)
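Review bot: The three added ternaries in the `Sprintf` call fix the NULL dereference only at this re-emit site, and nothing in the patch records when `obuf->input_alt.name`, `.type` or `.value` may be NULL, so any other reader of those fields (none is visible in this hunk) deserves the same check. I would add a comment above the call such as `/* input_alt.name/type/value may be NULL for a malformed <input_alt>; emit an empty attribute instead */`. The strings are also placed inside double-quoted attributes with plain `%s`; whether they are already HTML-quoted when stored is not visible here, and if they are not, a `"` in a value would change the shape of the regenerated tag, so that is worth confirming against the code that fills `input_alt`. `flushline` begins and ends outside the hunk.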
diff --git a/debian/patches/series b/debian/patches/series
index 74e09ac..02b2580 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -45,3 +45,4 @@
907_iso2022.patch
908_forms.patch
909_button-type.patch
+910_input-alt.patch