author | Moritz Muehlenhoff <jmm@debian.org> | 2006-10-24 21:39:21 +0000 |
---|---|---|
committer | Axel Beckert <abe@deuxchevaux.org> | 2011-09-03 14:05:26 +0200 |
commit | 922f8543619669d515b044e645ed8ea1b1f1d66d (patch) | |
tree | f321286b30abd0f22da4ec8a10a41770986d6b3a | |
parent | 1a215a58c433500caf0c99eb8cef619840b4b61f (diff) | |
download | screen-debian/4.0.2-4.1sarge1.tar.gz |
Imported Debian patch 4.0.2-4.1sarge1debian/4.0.2-4.1sarge1
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | encoding.c | 10 |
2 files changed, 16 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index b9e08ee..fb6202b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+screen (4.0.2-4.1sarge1) stable-security; urgency=high
+
+ * Fix out-of-bands write when processing character codes in
+ UTF-8 sequences. (CVE-2006-4573)
+
+ -- Moritz Muehlenhoff <jmm@debian.org> Tue, 24 Oct 2006 21:39:21 +0000
+
 screen (4.0.2-4.1) unstable; urgency=low
 
 * Non-maintainer upload
@@ -995,8 +995,16 @@ struct mchar *mc;
 {
 /* full, recycle old entry */
 if (c1 >= 0xd800 && c1 < 0xe000)
- comb_tofront(root, c1);
+ comb_tofront(root, c1 - 0xd800);
 i = combchars[root]->prev;
+ if (c1 == i + 0xd800)
+ {
+ /* completely full, can't recycle */
+ debug("utf8_handle_comp: completely full!\n");
+ mc->image = '?';
+ mc->font = 0;
+ return;
+ }
 /* FIXME: delete old char from all buffers */
 }
 else if (!combchars[i]) |
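Review bot: The corrected call `comb_tofront(root, c1 - 0xd800)` and the new `c1 == i + 0xd800` test both rely on an unstated rule that `combchars` is indexed by the code point minus `0xd800`, which is presumably the rule the removed `comb_tofront(root, c1)` broke. I would state it next to the range check, for example `/* c1 in 0xd800..0xdfff names combchars[c1 - 0xd800]; never index with c1 itself */`, and replace the three literal `0xd800` values in these lines with one named constant so they cannot drift apart. The table size and the other callers of `comb_tofront` are outside this hunk, so it is worth confirming that every other call site passes an already-rebased index. The file header for this hunk is missing from the page; going by the diffstat it belongs to encoding.c, and the enclosing function starts and ends outside the hunk.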