fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491)

Resolves: CVE-2023-29491
2023-08-14 16:11:18 +02:00 · 2023-08-14 16:11:18 +02:00 · 5640f56933
commit 5640f56933
parent 3f4453ee61
2 changed files with 15 additions and 0 deletions
--- a/ncurses-cve-2023-29491.patch
+++ b/ncurses-cve-2023-29491.patch
@ -0,0 +1,13 @@
+diff -up ncurses-6.2-20210508/ncurses/tinfo/read_entry.c.cve-2023-29491 ncurses-6.2-20210508/ncurses/tinfo/read_entry.c
+--- ncurses-6.2-20210508/ncurses/tinfo/read_entry.c.cve-2023-29491	2023-08-14 15:52:46.536461992 +0200
+++ ncurses-6.2-20210508/ncurses/tinfo/read_entry.c	2023-08-14 15:55:04.384426095 +0200
+@@ -308,6 +308,9 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *
+ 	|| bool_count < 0
+ 	|| num_count < 0
+ 	|| str_count < 0
+	|| bool_count > BOOLCOUNT
+	|| num_count > NUMCOUNT
+	|| str_count > STRCOUNT
+ 	|| str_size < 0) {
+ 	returnDB(TGETENT_NO);
+     }
--- a/ncurses.spec
+++ b/ncurses.spec
@ -13,6 +13,7 @@ Patch8: ncurses-config.patch
 Patch9: ncurses-libs.patch
 Patch11: ncurses-urxvt.patch
 Patch12: ncurses-kbs.patch
+Patch13: ncurses-cve-2023-29491.patch
 BuildRequires: gcc gcc-c++ gpm-devel gnupg2 make pkgconfig

 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@ -114,6 +115,7 @@ The ncurses-static package includes static libraries of the ncurses library.
 %patch9 -p1 -b .libs
 %patch11 -p1 -b .urxvt
 %patch12 -p1 -b .kbs
+%patch13 -p1 -b .cve-2023-29491

 for f in ANNOUNCE; do
    iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&