diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 13:47:46 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 14:03:33 +0000 |
commit | 54f0858e90c1f88cbae62dd293160fc303a2ac72 (patch) | |
tree | 33d4e114ffde44a49be146feb30c5a61fbbe30be /debian/patches | |
parent | New patch 905_textarea.patch to fix heap write [CVE-2016-9424] (diff) | |
download | w3m-54f0858e90c1f88cbae62dd293160fc303a2ac72.tar.gz w3m-54f0858e90c1f88cbae62dd293160fc303a2ac72.zip |
New patch 906_form-update.patch to fix bcopy size [CVE-2016-9432]
Diffstat (limited to '')
-rw-r--r-- | debian/patches/906_form-update.patch | 21 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 22 insertions, 0 deletions
diff --git a/debian/patches/906_form-update.patch b/debian/patches/906_form-update.patch new file mode 100644 index 0000000..5f4c642 --- /dev/null +++ b/debian/patches/906_form-update.patch @@ -0,0 +1,21 @@ +Subject: Prevent segfault for formUpdateBuffer +Author: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://github.com/tats/w3m/issues/13 [CVE-2016-9432] +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=807e8b7fbffca6dcaf5db40e35f05d05c5cf02d3 +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=7b88478227978a8d673b4dd0e05eee410cc33330 + +diff --git a/form.c b/form.c +index da115fa..779ba2f 100644 +--- a/form.c ++++ b/form.c +@@ -481,8 +481,8 @@ formUpdateBuffer(Anchor *a, Buffer *buf, FormItemList *form) + spos = a->start.pos; + epos = a->end.pos; + } +- if (a->start.line != a->end.line || spos > epos) +- epos = spos; ++ if (a->start.line != a->end.line || spos > epos || epos >= l->len) ++ break; + pos = form_update_line(l, &p, spos, epos, COLPOS(l, epos) - col, + rows > 1, + form->type == FORM_INPUT_PASSWORD); diff --git a/debian/patches/series b/debian/patches/series index bb300fe..799a10b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -41,3 +41,4 @@ 903_input-type.patch 904_form-update.patch 905_textarea.patch +906_form-update.patch |