fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491)

Resolves: CVE-2023-29491
2023-08-14 16:11:18 +02:00 · 2023-08-14 16:11:18 +02:00 · 59db41e1b7
commit 59db41e1b7
parent 64df16cdae
2 changed files with 15 additions and 0 deletions
--- a/ncurses-cve-2023-29491.patch
+++ b/ncurses-cve-2023-29491.patch
@ -0,0 +1,13 @@
+diff -up ncurses-6.2-20210508/ncurses/tinfo/read_entry.c.cve-2023-29491 ncurses-6.2-20210508/ncurses/tinfo/read_entry.c
+--- ncurses-6.2-20210508/ncurses/tinfo/read_entry.c.cve-2023-29491	2023-08-14 15:52:46.536461992 +0200
+++ ncurses-6.2-20210508/ncurses/tinfo/read_entry.c	2023-08-14 15:55:04.384426095 +0200
+@@ -308,6 +308,9 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *
+ 	|| bool_count < 0
+ 	|| num_count < 0
+ 	|| str_count < 0
+	|| bool_count > BOOLCOUNT
+	|| num_count > NUMCOUNT
+	|| str_count > STRCOUNT
+ 	|| str_size < 0) {
+ 	returnDB(TGETENT_NO);
+     }
--- a/ncurses.spec
+++ b/ncurses.spec
@ -16,6 +16,7 @@ Patch12: ncurses-kbs.patch
 Patch13: ncurses-cve-2019-17594.patch
 Patch14: ncurses-cve-2019-17595.patch
 Patch15: ncurses-tputx.patch
+Patch16: ncurses-cve-2023-29491.patch
 BuildRequires: gcc gcc-c++ gpm-devel pkgconfig

 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@ -133,6 +134,7 @@ The ncurses-static package includes static libraries of the ncurses library.
 %patch13 -p1 -b .cve-2019-17594
 %patch14 -p1 -b .cve-2019-17595
 %patch15 -p1 -b .tputx
+%patch16 -p1 -b .cve-2023-29491

 for f in ANNOUNCE; do
    iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&