aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@debian.org>2016-11-21 13:37:04 +0000
committerTatsuya Kinoshita <tats@debian.org>2016-11-21 14:03:33 +0000
commit0e4b8461a50bf5cc51d11308f2b38774b09d33ab (patch)
tree280bda6120f8467ec67501848adbca18e76b14da
parentNew patch 903_input-type.patch to fix null deref [CVE-2016-9430] (diff)
downloadw3m-0e4b8461a50bf5cc51d11308f2b38774b09d33ab.tar.gz
w3m-0e4b8461a50bf5cc51d11308f2b38774b09d33ab.zip
New patch 904_form-update.patch to fix overflow
[CVE-2016-9423] [CVE-2016-9431]
Diffstat
-rw-r--r--debian/patches/904_form-update.patch19
-rw-r--r--debian/patches/series1
2 files changed, 20 insertions, 0 deletions
diff --git a/debian/patches/904_form-update.patch b/debian/patches/904_form-update.patch
new file mode 100644
index 0000000..00967a0
--- /dev/null
+++ b/debian/patches/904_form-update.patch
@@ -0,0 +1,19 @@
+Subject: Prevent segfault for formUpdateBuffer
+Author: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/9 [CVE-2016-9423]
+Bug-Debian: https://github.com/tats/w3m/issues/10 [CVE-2016-9431]
+Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=9f0bdcfdf061db3520bd1f112bdc5e83acdec4be
+
+diff --git a/form.c b/form.c
+index 62b568e..87a5d49 100644
+--- a/form.c
++++ b/form.c
+@@ -477,6 +477,8 @@ formUpdateBuffer(Anchor *a, Buffer *buf, FormItemList *form)
+ spos = a->start.pos;
+ epos = a->end.pos;
+ }
++ if (a->start.line != a->end.line || spos > epos)
++ epos = spos;
+ pos = form_update_line(l, &p, spos, epos, COLPOS(l, epos) - col,
+ rows > 1,
+ form->type == FORM_INPUT_PASSWORD);
diff --git a/debian/patches/series b/debian/patches/series
index 7df5c12..778955c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -39,3 +39,4 @@
901_ucsmap.patch
902_johab1.patch
903_input-type.patch
+904_form-update.patch
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 21:37:25 +0000