diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 14:13:24 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 14:13:24 +0000 |
commit | 0bb260bf7479e25554843744932b065793f74ad6 (patch) | |
tree | 0f258584cbb715e9bc046442eb523687fcdf7eb6 /debian/patches | |
parent | New patch 909_button-type.patch to fix rodata write [CVE-2016-9437] (diff) | |
download | w3m-0bb260bf7479e25554843744932b065793f74ad6.tar.gz w3m-0bb260bf7479e25554843744932b065793f74ad6.zip |
New patch 910_input-alt.patch to fix null deref [CVE-2016-9438]
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/910_input-alt.patch | 22 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 23 insertions, 0 deletions
diff --git a/debian/patches/910_input-alt.patch b/debian/patches/910_input-alt.patch new file mode 100644 index 0000000..57c3e6b --- /dev/null +++ b/debian/patches/910_input-alt.patch @@ -0,0 +1,22 @@ +Author: Tatsuya Kinoshita <tats@debian.org> +Subject: Prevent segfault with malformed input_alt +Bug-Debian: https://github.com/tats/w3m/issues/18 [CVE-2016-9438] +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=010b68580dc50ce183df11cc79721936ab5c4f25 + +diff --git a/file.c b/file.c +index 3b7befe..68d625c 100644 +--- a/file.c ++++ b/file.c +@@ -3021,9 +3021,9 @@ flushline(struct html_feed_environ *h_env, struct readbuffer *obuf, int indent, + tmp = Sprintf("<INPUT_ALT hseq=\"%d\" fid=\"%d\" name=\"%s\" type=\"%s\" value=\"%s\">", + obuf->input_alt.hseq, + obuf->input_alt.fid, +- obuf->input_alt.name->ptr, +- obuf->input_alt.type->ptr, +- obuf->input_alt.value->ptr); ++ obuf->input_alt.name ? obuf->input_alt.name->ptr : "", ++ obuf->input_alt.type ? obuf->input_alt.type->ptr : "", ++ obuf->input_alt.value ? obuf->input_alt.value->ptr : ""); + push_tag(obuf, tmp->ptr, HTML_INPUT_ALT); + } + if (!hidden_bold && obuf->in_bold) diff --git a/debian/patches/series b/debian/patches/series index 74e09ac..02b2580 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -45,3 +45,4 @@ 907_iso2022.patch 908_forms.patch 909_button-type.patch +910_input-alt.patch |