mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-30 08:02:38 -05:00
7d48938a59
* gnu/packages/gnome.scm (vte-0.28)[source]: Add patches. * gnu/packages/patches/vte-CVE-2012-2738-pt1.patch, gnu/packages/patches/vte-CVE-2012-2738-pt2.patch: New variables. * gnu/local.mk (dist_patch_DATA): Add them.
40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
|
|
From: Christian Persch <chpe@gnome.org>
|
|
Date: Sat, 19 May 2012 17:36:09 +0000
|
|
Subject: emulation: Limit integer arguments to 65535
|
|
|
|
To guard against malicious sequences containing excessively big numbers,
|
|
limit all parsed numbers to 16 bit range. Doing this here in the parsing
|
|
routine is a catch-all guard; this doesn't preclude enforcing
|
|
more stringent limits in the handlers themselves.
|
|
|
|
https://bugzilla.gnome.org/show_bug.cgi?id=676090
|
|
---
|
|
diff --git a/src/table.c b/src/table.c
|
|
index 140e8c8..85cf631 100644
|
|
--- a/src/table.c
|
|
+++ b/src/table.c
|
|
@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
|
|
if (G_UNLIKELY (*array == NULL)) {
|
|
*array = g_value_array_new(1);
|
|
}
|
|
- g_value_set_long(&value, total);
|
|
+ g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
|
|
g_value_array_append(*array, &value);
|
|
} while (i++ < arginfo->length);
|
|
g_value_unset(&value);
|
|
diff --git a/src/vteseq.c b/src/vteseq.c
|
|
index 457c06a..46def5b 100644
|
|
--- a/src/vteseq.c
|
|
+++ b/src/vteseq.c
|
|
@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
|
|
GValueArray *params,
|
|
VteTerminalSequenceHandler handler)
|
|
{
|
|
- vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
|
|
+ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
|
|
}
|
|
|
|
static void
|
|
--
|
|
cgit v0.9.0.2
|