author | fcambus <fcambus@pkgsrc.org> | 2021-11-01 21:33:26 +0000 |
---|---|---|
committer | fcambus <fcambus@pkgsrc.org> | 2021-11-01 21:33:26 +0000 |
commit | 6ebef373e8fd87f2a4e5e44c4830a77d9862f462 (patch) | |
tree | 76b364516b1be0e809c1b3cd4aa6889aad1845d3 /editors | |
parent | b80e1d7157160c3ee500c3ebb78b657d45305920 (diff) | |
editors/tweak: Fix buffer overflow in 'unknown key sequence' error report.
From upstream commit ad97e1337e1e1df934b7f3674fa6c9f7e8eb603f.
Diffstat (limited to 'editors')
-rw-r--r-- | editors/tweak/Makefile | 4 | ||||
-rw-r--r-- | editors/tweak/distinfo | 3 | ||||
-rw-r--r-- | editors/tweak/patches/patch-keytab.c | 95 |
3 files changed, 100 insertions, 2 deletions
diff --git a/editors/tweak/Makefile b/editors/tweak/Makefile
index 989ab2600ff..5f8e7657b47 100644
--- a/editors/tweak/Makefile
+++ b/editors/tweak/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2021/01/10 11:20:17 fcambus Exp $
+# $NetBSD: Makefile,v 1.7 2021/11/01 21:33:26 fcambus Exp $
 #
 DISTNAME= tweak-3.02
+PKGREVISION= 1
 CATEGORIES= editors
 MASTER_SITES= https://www.chiark.greenend.org.uk/~sgtatham/tweak/
@@ -10,6 +11,7 @@ HOMEPAGE= https://www.chiark.greenend.org.uk/~sgtatham/tweak/
 COMMENT= Efficient hex editor
 LICENSE= mit
+USE_LANGUAGES= c c99
 USE_TOOLS+= gmake
 MAKE_FLAGS+= PREFIX=${PREFIX} DESTDIR=${DESTDIR}
diff --git a/editors/tweak/distinfo b/editors/tweak/distinfo
index 9e4857c4d43..5401149fd0d 100644
--- a/editors/tweak/distinfo
+++ b/editors/tweak/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.8 2021/10/26 10:21:42 nia Exp $
+$NetBSD: distinfo,v 1.9 2021/11/01 21:33:26 fcambus Exp $
 BLAKE2s (tweak-3.02.tar.gz) = 170eca560ea496ce821c273c481e638ef65fa22d81d3179a8c1fbdeffbe23376
 SHA512 (tweak-3.02.tar.gz) = 4cf16eae1c48073ca77b0577585473288d7ecbc2d261a359db2cff372c1850cd809becb46bc745ac7d07e982d5eae9a0e0332402267ebab6b12cc952a02cff4e
 Size (tweak-3.02.tar.gz) = 71939 bytes
 SHA1 (patch-Makefile) = 43041b78d4bb28c84ab53792cbd39603c8ece038
+SHA1 (patch-keytab.c) = 369ec87681d21cc26f104ba5ef9cd59a2c99707a
 SHA1 (patch-rcfile.c) = 82bf8d167537de068650d3feaf5552ff7bb2be1b
diff --git a/editors/tweak/patches/patch-keytab.c b/editors/tweak/patches/patch-keytab.c
new file mode 100644
index 00000000000..294d56316ff
--- /dev/null
+++ b/editors/tweak/patches/patch-keytab.c
@@ -0,0 +1,95 @@
+$NetBSD: patch-keytab.c,v 1.1 2021/11/01 21:33:26 fcambus Exp $
+
+Fix buffer overflow in 'unknown key sequence' error report.
+
+Upstream commit ad97e1337e1e1df934b7f3674fa6c9f7e8eb603f.
+
+--- keytab.c.orig 2021-11-01 18:58:59.087368560 +0000
++++ keytab.c
+@@ -1,5 +1,6 @@
+ #include "tweak.h"
+
++#include <stdbool.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -61,16 +62,33 @@ void bind_key (char *sequence, int len,
+ /*
+ * Format an ASCII code into a printable description of the key stroke.
+ */
+-static void strkey (char *s, int k) {
+- k &= 255; /* force unsigned */
+- if (k==27)
+- strcpy(s, " ESC");
+- else if (k<32 || k==127)
+- sprintf(s, " ^%c", k ^ 64);
+- else if (k<127)
+- sprintf(s, " %c", k);
+- else
+- sprintf(s, " <0x%2X>", k);
++struct strkey_state {
++ char *s, *end;
++ bool truncated;
++};
++static void strkey (struct strkey_state *sks, int k) {
++ char thisbuf[32];
++
++ if (sks->truncated)
++ return;
++
++ if (sks->end - sks->s < 16) {
++ sks->truncated = true;
++ strcpy(thisbuf, " ...");
++ } else {
++ k &= 255; /* force unsigned */
++ if (k==27)
++ strcpy(thisbuf, " ESC");
++ else if (k<32 || k==127)
++ sprintf(thisbuf, " ^%c", k ^ 64);
++ else if (k<127)
++ sprintf(thisbuf, " %c", k);
++ else
++ sprintf(thisbuf, " <0x%2X>", k);
++ }
++
++ strcpy(sks->s, thisbuf);
++ sks->s += strlen(sks->s);
+ }
+
+ /*
+@@ -89,12 +107,18 @@ void proc_key (void) {
+ safe_update = FALSE;
+ #endif
+ strcpy(message, "Unknown key sequence");
+- strkey(message+strlen(message), last_char);
++
++ struct strkey_state sks;
++ sks.s = message + strlen(message);
++ sks.end = message + sizeof(message);
++ sks.truncated = false;
++
++ strkey(&sks, last_char);
+ kt = base[(unsigned char) last_char];
+ if (!kt) {
+ display_beep();
+ while (display_input_to_flush())
+- strkey(message+strlen(message), display_getkey());
++ strkey(&sks, display_getkey());
+ return;
+ }
+
+@@ -108,12 +132,12 @@ void proc_key (void) {
+ #if defined(unix) && !defined(GO32)
+ safe_update = FALSE;
+ #endif
+- strkey(message+strlen(message), last_char);
++ strkey(&sks, last_char);
+ kt = kt->e.extended[(unsigned char) last_char];
+ if (!kt) {
+ display_beep();
+ while (display_input_to_flush())
+- strkey(message+strlen(message), display_getkey());
++ strkey(&sks, display_getkey());
+ return;
+ }
+ } |
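Review bot: The bound in the new `strkey()` rests on an unstated invariant: the `< 16` threshold has to stay at least as large as the longest key text (`" <0x%2X>"`, 8 characters) plus `" ..."` and the terminating NUL, and nothing next to the check says so. A comment above `if (sks->end - sks->s < 16)` such as `/* 16 >= longest key text (8) + " ..." (4) + NUL, so the truncation marker always fits */`, together with `snprintf(thisbuf, sizeof thisbuf, ...)` in place of the `sprintf` calls, would keep a later format change from quietly reintroducing the overflow. In `proc_key()`, `sks.end = message + sizeof(message);` is only a correct end pointer if `message` is visible there as an array rather than a pointer; its declaration is outside the hunks, so that is worth confirming. `proc_key()` itself starts and ends outside the hunks shown.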