From e1dd92b37f5d8d772a60b0db0a8fed6667d7d581 Mon Sep 17 00:00:00 2001 From: Tatsuya Kinoshita Date: Mon, 21 Nov 2016 23:34:04 +0900 Subject: New patch 914_curline.patch to fix near-null deref [CVE-2016-9440] --- debian/patches/914_curline.patch | 18 ++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 19 insertions(+) create mode 100644 debian/patches/914_curline.patch (limited to 'debian/patches') diff --git a/debian/patches/914_curline.patch b/debian/patches/914_curline.patch new file mode 100644 index 0000000..c977b87 --- /dev/null +++ b/debian/patches/914_curline.patch @@ -0,0 +1,18 @@ +Subject: Prevent segfault for formUpdateBuffer +Author: Tatsuya Kinoshita +Bug-Debian: https://github.com/tats/w3m/issues/22 [CVE-2016-9440] +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=4a8d16fc8d08206dd7142435054ee38ff41805b7 + +diff --git a/form.c b/form.c +index 779ba2f..20b7310 100644 +--- a/form.c ++++ b/form.c +@@ -461,6 +461,8 @@ formUpdateBuffer(Anchor *a, Buffer *buf, FormItemList *form) + #endif /* MENU_SELECT */ + p = form->value->ptr; + l = buf->currentLine; ++ if (!l) ++ break; + if (form->type == FORM_TEXTAREA) { + int n = a->y - buf->currentLine->linenumber; + if (n > 0) diff --git a/debian/patches/series b/debian/patches/series index 9404dea..8e9b809 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -49,3 +49,4 @@ 911_rowcolspan.patch 912_i-dd.patch 913_tabwidth.patch +914_curline.patch -- cgit v1.2.3