gnu/packages/patches/vte-CVE-2012-2738-pt1.patch

   1 From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
   2 From: Christian Persch <chpe@gnome.org>
   3 Date: Sat, 19 May 2012 17:36:09 +0000
   4 Subject: emulation: Limit integer arguments to 65535
   5
   6 To guard against malicious sequences containing excessively big numbers,
   7 limit all parsed numbers to 16 bit range. Doing this here in the parsing
   8 routine is a catch-all guard; this doesn't preclude enforcing
   9 more stringent limits in the handlers themselves.
  10
  11 https://bugzilla.gnome.org/show_bug.cgi?id=676090
  12 ---
  13 diff --git a/src/table.c b/src/table.c
  14 index 140e8c8..85cf631 100644
  15 --- a/src/table.c
  16 +++ b/src/table.c
  17 @@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
  18                 if (G_UNLIKELY (*array == NULL)) {
  19                         *array = g_value_array_new(1);
  20                 }
  21 -               g_value_set_long(&value, total);
  22 +               g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
  23                 g_value_array_append(*array, &value);
  24         } while (i++ < arginfo->length);
  25         g_value_unset(&value);
  26 diff --git a/src/vteseq.c b/src/vteseq.c
  27 index 457c06a..46def5b 100644
  28 --- a/src/vteseq.c
  29 +++ b/src/vteseq.c
  30 @@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
  31                                GValueArray *params,
  32                                VteTerminalSequenceHandler handler)
  33  {
  34 -        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
  35 +        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
  36  }
  37
  38  static void
  39 --
  40 cgit v0.9.0.2