diff options
| author | Niclas Zeising <zeising@FreeBSD.org> | 2017-10-17 20:29:32 +0000 |
|---|---|---|
| committer | Niclas Zeising <zeising@FreeBSD.org> | 2017-10-17 20:29:32 +0000 |
| commit | fc53f426427697764168a08363c6e35cd7e04a75 (patch) | |
| tree | 285f7936611662d6231d07f0ab8653fb666b05ff | |
| parent | devel/py-pyasn1: update to 0.3.7 (diff) | |
Fix out of bounds memory read when reading bar input.
Add patch from upstream git that fixes an out of bounds read and possible
write if the bar action script returns a NULL as the first character.
It is unclear if this can cause any security issues, but I feel it's prudent
to fix the issue.
MFH: 2017Q4
| -rw-r--r-- | x11-wm/spectrwm/Makefile | 3 | ||||
| -rw-r--r-- | x11-wm/spectrwm/files/ea3e6da-oob-fix.patch | 30 |
2 files changed, 33 insertions, 0 deletions
diff --git a/x11-wm/spectrwm/Makefile b/x11-wm/spectrwm/Makefile index 25208cb97f3c..ebe1e6baa482 100644 --- a/x11-wm/spectrwm/Makefile +++ b/x11-wm/spectrwm/Makefile @@ -4,6 +4,7 @@ PORTNAME= spectrwm DISTVERSIONPREFIX= SPECTRWM_ DISTVERSION= 3_1_0 +PORTREVISION= 1 CATEGORIES= x11-wm MAINTAINER= zeising@FreeBSD.org @@ -36,6 +37,8 @@ CONFEXAMPLES= spectrwm_cz.conf \ SCRIPTEXAMPLES= baraction.sh \ screenshot.sh +EXTRA_PATCHES= ${FILESDIR}/ea3e6da-oob-fix.patch + post-patch: @${REINPLACE_CMD} -e 's|/etc/|${PREFIX}/etc/|g' ${WRKSRC}/spectrwm.* diff --git a/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch b/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch new file mode 100644 index 000000000000..3c539ffae7af --- /dev/null +++ b/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch @@ -0,0 +1,30 @@ +From ea3e6da62247572e92c4ba00f70eab73f6254adf Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sat, 14 Oct 2017 10:22:31 +0200 +Subject: [PATCH] Fix OOB while reading bar input. + +If the status bar script returns NUL as the first character through +stdin, spectrwm is prone to an out of boundary access. Depending on +the memory layout of the machine, it could turn into an OOB write. + +The fix is simple: If the string is empty, do not further check for +newline character. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +--- + spectrwm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/spectrwm.c b/spectrwm.c +index 9d3ec23..9b0ad2c 100644 +--- spectrwm.c ++++ spectrwm.c +@@ -2761,7 +2761,7 @@ bar_extra_update(void) + while (fgets(b, sizeof(b), stdin) != NULL) { + if (bar_enabled) { + len = strlen(b); +- if (b[len - 1] == '\n') { ++ if (len > 0 && b[len - 1] == '\n') { + /* Remove newline. */ + b[--len] = '\0'; + |