- CAN-2003-0071, incorrectly ignored BTS#712 (xterm DoS on invalid DEC UDK sequence)

author Jakub Bogusz <qboosh@pld-linux.org>

Fri, 29 Aug 2003 13:13:38 +0000 (13:13 +0000)

committer cvs2git <feedback@pld-linux.org>

Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
author Jakub Bogusz <qboosh@pld-linux.org>
Fri, 29 Aug 2003 13:13:38 +0000 (13:13 +0000)
committer cvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
diff --git a/XFree86-xterm-DECUDK-security-fix.patch b/XFree86-xterm-DECUDK-security-fix.patch

new file mode 100644 (file)

index 0000000..d21ad65
--- /dev/null
+++ b/XFree86-xterm-DECUDK-security-fix.patch
@@ -0,0 +1,19 @@
+--- xc/programs/xterm/misc.c.xterm-DECUDK-security-fix 2001-10-23 21:21:24.000000000 -0400
++++ xc/programs/xterm/misc.c   2003-04-03 11:00:48.000000000 -0500
+@@ -1649,6 +1649,7 @@
+                               reset_decudk();
+ 
+                       while (*cp) {
++                              char *base = cp;
+                               char *str = (char *)malloc(strlen(cp) + 2);
+                               unsigned key = 0;
+                               int len = 0;
+@@ -1675,6 +1676,8 @@
+                               }
+                               if (*cp == ';')
+                                       cp++;
++                              if (cp == base) /* badly-formed sequence - bail out */
++                                      break;
+                       }
+               }
+               break;
author	Jakub Bogusz <qboosh@pld-linux.org>
	Fri, 29 Aug 2003 13:13:38 +0000 (13:13 +0000)
committer	cvs2git <feedback@pld-linux.org>
	Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)