mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-23 23:43:30 +00:00
gnome2.vte: fix CVE-2012-2738
This commit is contained in:
parent
5ce5ef06ab
commit
4c6f7ee729
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl, intltool, pkgconfig, glib, gtk, ncurses
|
||||
{ stdenv, fetchurl, fetchpatch, intltool, pkgconfig, glib, gtk, ncurses
|
||||
, pythonSupport ? false, python27Packages}:
|
||||
|
||||
let
|
||||
@ -15,7 +15,17 @@ in stdenv.mkDerivation rec {
|
||||
./alt.patch
|
||||
./change-scroll-region.patch
|
||||
# CVE-2012-2738
|
||||
./vte-0.28.2-limit-arguments.patch
|
||||
# fixed in upstream version 0.32.2
|
||||
(fetchpatch{
|
||||
name = "CVE-2012-2738-1.patch";
|
||||
url = https://git.gnome.org/browse/vte/patch/?id=feeee4b5832b17641e505b7083e0d299fdae318e;
|
||||
sha256 = "1455i6zxcx4rj2cz639s8qdc04z2nshprwl7k00mcsw49gv3hk5n";
|
||||
})
|
||||
(fetchpatch{
|
||||
name = "CVE-2012-2738-2.patch";
|
||||
url = https://git.gnome.org/browse/vte/patch/?id=98ce2f265f986fb88c38d508286bb5e3716b9e74;
|
||||
sha256 = "0n24vw49h89w085ggq23iwlnnb6ajllfh2dg4vsar21d82jxc0sn";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
|
@ -1,40 +0,0 @@
|
||||
From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
|
||||
From: Christian Persch <chpe@gnome.org>
|
||||
Date: Sat, 19 May 2012 17:36:09 +0000
|
||||
Subject: emulation: Limit integer arguments to 65535
|
||||
|
||||
To guard against malicious sequences containing excessively big numbers,
|
||||
limit all parsed numbers to 16 bit range. Doing this here in the parsing
|
||||
routine is a catch-all guard; this doesn't preclude enforcing
|
||||
more stringent limits in the handlers themselves.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=676090
|
||||
---
|
||||
diff --git a/src/table.c b/src/table.c
|
||||
index 140e8c8..85cf631 100644
|
||||
--- a/src/table.c
|
||||
+++ b/src/table.c
|
||||
@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
|
||||
if (G_UNLIKELY (*array == NULL)) {
|
||||
*array = g_value_array_new(1);
|
||||
}
|
||||
- g_value_set_long(&value, total);
|
||||
+ g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
|
||||
g_value_array_append(*array, &value);
|
||||
} while (i++ < arginfo->length);
|
||||
g_value_unset(&value);
|
||||
diff --git a/src/vteseq.c b/src/vteseq.c
|
||||
index 457c06a..46def5b 100644
|
||||
--- a/src/vteseq.c
|
||||
+++ b/src/vteseq.c
|
||||
@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
|
||||
GValueArray *params,
|
||||
VteTerminalSequenceHandler handler)
|
||||
{
|
||||
- vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
|
||||
+ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
|
||||
}
|
||||
|
||||
static void
|
||||
--
|
||||
cgit v0.9.0.2
|
Loading…
Reference in New Issue
Block a user