Reliability fix:
Buffer overflow in GNU screen allows privilege escalation for local users. It also has some potential for attackers getting control of another user's screen. Transfer of approximately two gigabytes of data is required to exploit this vulnerability. Usually screen is installed either setgid-utmp or setuid-root but this DOES NOT happen on OpenBSD, thus the reliability fix. ok brad@
parent
fb20101607
commit
92208e6cc1
@ -1,10 +1,10 @@
|
|||||||
# $OpenBSD: Makefile,v 1.50 2003/11/22 00:56:58 espie Exp $
|
# $OpenBSD: Makefile,v 1.51 2003/12/04 23:27:07 margarida Exp $
|
||||||
|
|
||||||
COMMENT= "multi-screen window manager"
|
COMMENT= "multi-screen window manager"
|
||||||
|
|
||||||
VERSION= 4.0.1
|
VERSION= 4.0.1
|
||||||
DISTNAME= screen-${VERSION}
|
DISTNAME= screen-${VERSION}
|
||||||
PKGNAME= ${DISTNAME}p1
|
PKGNAME= ${DISTNAME}p2
|
||||||
CATEGORIES= misc
|
CATEGORIES= misc
|
||||||
MASTER_SITES= ftp://ftp.uni-erlangen.de/pub/utilities/screen/
|
MASTER_SITES= ftp://ftp.uni-erlangen.de/pub/utilities/screen/
|
||||||
|
|
||||||
|
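--- a/misc/screen/patches/patch-ansi_c
+++ b/misc/screen/patches/patch-ansi_c
@@ -0,0 +1,12 @@
+$OpenBSD: patch-ansi_c,v 1.1 2003/12/04 23:27:07 margarida Exp $
+--- ansi.c.orig 2003-11-28 00:27:43.000000000 +0000
++++ ansi.c 2003-11-28 00:28:29.000000000 +0000
+@@ -559,7 +559,7 @@ register int len;
+{
+case '0': case '1': case '2': case '3': case '4':
+case '5': case '6': case '7': case '8': case '9':
+- if (curr->w_NumArgs < MAXARGS)
++ if (curr->w_NumArgs >= 0 && curr->w_NumArgs < MAXARGS)
+{
+if (curr->w_args[curr->w_NumArgs] < 100000000)
+curr->w_args[curr->w_NumArgs] =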
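Review bot: The added `curr->w_NumArgs >= 0` test protects only this digit-case index into `curr->w_args`; it rejects a negative counter at the point of use but does not stop the counter from becoming negative. The commit message's figure of about two gigabytes of input suggests the counter goes negative by being advanced past its maximum, which would be signed overflow and undefined behaviour in its own right. The code that advances `w_NumArgs` and any other reads of `w_args[w_NumArgs]` are outside this hunk, so they should be checked too; saturating the counter where it is advanced, e.g. `if (curr->w_NumArgs < MAXARGS) curr->w_NumArgs++;`, would make this guard a second line of defence rather than the only one. A short comment here such as `/* w_NumArgs may be negative after wrapping; never index w_args with it */` would record why the lower bound is tested.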
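--- a/misc/screen/patches/patch-resize_c
+++ b/misc/screen/patches/patch-resize_c
@@ -0,0 +1,22 @@
+$OpenBSD: patch-resize_c,v 1.1 2003/12/04 23:27:07 margarida Exp $
+--- resize.c.orig 2003-11-28 00:28:47.000000000 +0000
++++ resize.c 2003-11-28 00:30:19.000000000 +0000
+@@ -682,6 +682,18 @@ int wi, he, hi;
+if (wi == 0)
+he = hi = 0;
+
++ if (wi > 1000)
++ {
++ Msg(0, "Window width too large, truncated");
++ wi = 1000;
++ }
++ if (he > 1000)
++ {
++ Msg(0, "Window height too large, truncated");
++ he = 1000;
++ }
++
++
+if (p->w_width == wi && p->w_height == he && p->w_histheight == hi)
+{
+debug("ChangeWindowSize: No change.\n");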
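Review bot: The clamps added after `he = hi = 0;` bound `wi` and `he` only from above, so a negative width or height and any value of the history height `hi` still reach the `p->w_width == wi && ...` comparison unchanged. The function starts and ends outside the hunk, so those values may be validated elsewhere; if they are not, they need the same treatment before they are used. The limit is also written four times as the literal `1000`; a single named constant, for example `#define MAX_WIN_DIM 1000` with the comment `/* upper bound applied to window width and height */`, would keep the two checks and any later ones in step.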