aboutsummaryrefslogtreecommitdiffstats
path: root/debian/patches/943_pushlink.patch
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@debian.org>2017-01-06 14:18:40 +0000
committerTatsuya Kinoshita <tats@debian.org>2017-01-06 14:18:40 +0000
commitd73f74e2cb70297d1373d7fa8921881106dc0b58 (patch)
tree66567ba8a175389f4d72346e5440bae0eb882c76 /debian/patches/943_pushlink.patch
parentDebian release 0.5.3-19+deb8u1 (diff)
downloadw3m-d73f74e2cb70297d1373d7fa8921881106dc0b58.tar.gz
w3m-d73f74e2cb70297d1373d7fa8921881106dc0b58.zip
Fix multiple vulnerabilities (closes: #850432)
- New patch 934_menu.patch to fix buffer overflow (tats/w3m#49) - New patch 935_shiftanchor.patch to fix buffer overflow (tats/w3m#62) - New patch 936_metarefresh.patch to fix buffer overflow (tats/w3m#63) - New patch 937_lineproc0.patch to fix buffer overflow (tats/w3m#67) - New patch 938_lineproc2body.patch to fix buffer overflow (tats/w3m#61) - New patch 939_textarea.patch to fix buffer overflow (tats/w3m#58) - New patch 940_tabattr.patch to fix buffer overflow (tats/w3m#60) - New patch 941_integeredwidth.patch to fix buffer overflow (tats/w3m#70) - New patch 942_tridvalue.patch to fix buffer overflow (tats/w3m#71) - New patch 943_pushlink.patch to fix buffer overflow (tats/w3m#64, #66) - New patch 944_lineproc0.patch to fix use after free (tats/w3m#65) - New patch 945_wtfstrwidth.patch to fix buffer overflow (tats/w3m#57) - New patch 946_strnewsize.patch to fix buffer overflow (tats/w3m#72) - New patch 947_realcolumn.patch to fix buffer overflow (tats/w3m#69) - New patch 948_getmclen.patch to fix buffer overflow (tats/w3m#59, #73, #74, #75, #76, #78, #79, #80, #83, #84) - New patch 949_wtftowcs.patch to fix buffer overflow (tats/w3m#77) - New patch 950_textarea.patch to fix infinite loop (tats/w3m#85) - New patch 951_lineproc0.patch to fix use after free (tats/w3m#81) - New patch 952_formupdatebuffer.patch to fix buffer overflow (tats/w3m#82) - New patch 953_formupdateline.patch to fix buffer overflow (tats/w3m#68#issuecomment-266214643) - New patch 954_wtfparse1.patch to fix buffer overflow (tats/w3m#68)
Diffstat (limited to '')
-rw-r--r--debian/patches/943_pushlink.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/debian/patches/943_pushlink.patch b/debian/patches/943_pushlink.patch
new file mode 100644
index 0000000..3b24cb4
--- /dev/null
+++ b/debian/patches/943_pushlink.patch
@@ -0,0 +1,32 @@
+Subject: Prevent negative values for offset and pos in push_link()
+From: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/64
+Bug-Debian: https://github.com/tats/w3m/issues/66
+Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ecf57714191b77142da74035b748262cdc80dfb7
+
+---
+ file.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/file.c b/file.c
+index 330ae3a..483180a 100644
+--- a/file.c
++++ b/file.c
+@@ -2307,8 +2307,12 @@ push_link(int cmd, int offset, int pos)
+ struct link_stack *p;
+ p = New(struct link_stack);
+ p->cmd = cmd;
+- p->offset = offset;
+- p->pos = pos;
++ p->offset = (short)offset;
++ if (p->offset < 0)
++ p->offset = 0;
++ p->pos = (short)pos;
++ if (p->pos < 0)
++ p->pos = 0;
+ p->next = link_stack;
+ link_stack = p;
+ }
+--
+2.10.2
+