diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 14:09:44 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 14:09:44 +0000 |
commit | 2115f92bbf11efd472a3ebc4bb9d0560fde99dc1 (patch) | |
tree | 13a10fb7195f794bc492cf1e2b017b785552b6d3 | |
parent | New patch 908_forms.patch to fix null deref [CVE-2016-9434] (diff) | |
download | w3m-2115f92bbf11efd472a3ebc4bb9d0560fde99dc1.tar.gz w3m-2115f92bbf11efd472a3ebc4bb9d0560fde99dc1.zip |
New patch 909_button-type.patch to fix rodata write [CVE-2016-9437]
-rw-r--r-- | debian/patches/909_button-type.patch | 27 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 28 insertions, 0 deletions
diff --git a/debian/patches/909_button-type.patch b/debian/patches/909_button-type.patch new file mode 100644 index 0000000..067db83 --- /dev/null +++ b/debian/patches/909_button-type.patch @@ -0,0 +1,27 @@ +Subject: Prevent segfault with incorrect button type +Author: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://github.com/tats/w3m/issues/17 [CVE-2016-9437] +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=67be73b03a5ad581e331ec97cb275cd8a52719ed + +diff --git a/file.c b/file.c +index b30aa6b..3b7befe 100644 +--- a/file.c ++++ b/file.c +@@ -3756,6 +3756,17 @@ process_button(struct parsed_tag *tag) + if (v == FORM_UNKNOWN) + return NULL; + ++ switch (v) { ++ case FORM_INPUT_SUBMIT: ++ case FORM_INPUT_BUTTON: ++ case FORM_INPUT_RESET: ++ break; ++ default: ++ p = "submit"; ++ v = FORM_INPUT_SUBMIT; ++ break; ++ } ++ + if (!q) { + switch (v) { + case FORM_INPUT_SUBMIT: diff --git a/debian/patches/series b/debian/patches/series index 1d9a49d..74e09ac 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -44,3 +44,4 @@ 906_form-update.patch 907_iso2022.patch 908_forms.patch +909_button-type.patch |