Reliability fix:

Buffer overflow in GNU screen allows privilege escalation for local users.
It also has some potential for attackers getting control of another user's
screen.  Transfer of approximately two gigabytes of data is required to
exploit this vulnerability.
Usually screen is installed either setgid-utmp or setuid-root but this DOES
NOT happen on OpenBSD, thus the reliability fix.

ok brad@
This commit is contained in:
margarida 2003-12-04 23:27:07 +00:00
parent fb20101607
commit 92208e6cc1
3 changed files with 36 additions and 2 deletions

View File

@ -1,10 +1,10 @@
# $OpenBSD: Makefile,v 1.50 2003/11/22 00:56:58 espie Exp $ # $OpenBSD: Makefile,v 1.51 2003/12/04 23:27:07 margarida Exp $
COMMENT= "multi-screen window manager" COMMENT= "multi-screen window manager"
VERSION= 4.0.1 VERSION= 4.0.1
DISTNAME= screen-${VERSION} DISTNAME= screen-${VERSION}
PKGNAME= ${DISTNAME}p1 PKGNAME= ${DISTNAME}p2
CATEGORIES= misc CATEGORIES= misc
MASTER_SITES= ftp://ftp.uni-erlangen.de/pub/utilities/screen/ MASTER_SITES= ftp://ftp.uni-erlangen.de/pub/utilities/screen/

View File

@ -0,0 +1,12 @@
$OpenBSD: patch-ansi_c,v 1.1 2003/12/04 23:27:07 margarida Exp $
--- ansi.c.orig 2003-11-28 00:27:43.000000000 +0000
+++ ansi.c 2003-11-28 00:28:29.000000000 +0000
@@ -559,7 +559,7 @@ register int len;
{
case '0': case '1': case '2': case '3': case '4':
case '5': case '6': case '7': case '8': case '9':
- if (curr->w_NumArgs < MAXARGS)
+ if (curr->w_NumArgs >= 0 && curr->w_NumArgs < MAXARGS)
{
if (curr->w_args[curr->w_NumArgs] < 100000000)
curr->w_args[curr->w_NumArgs] =

View File

@ -0,0 +1,22 @@
$OpenBSD: patch-resize_c,v 1.1 2003/12/04 23:27:07 margarida Exp $
--- resize.c.orig 2003-11-28 00:28:47.000000000 +0000
+++ resize.c 2003-11-28 00:30:19.000000000 +0000
@@ -682,6 +682,18 @@ int wi, he, hi;
if (wi == 0)
he = hi = 0;
+ if (wi > 1000)
+ {
+ Msg(0, "Window width too large, truncated");
+ wi = 1000;
+ }
+ if (he > 1000)
+ {
+ Msg(0, "Window height too large, truncated");
+ he = 1000;
+ }
+
+
if (p->w_width == wi && p->w_height == he && p->w_histheight == hi)
{
debug("ChangeWindowSize: No change.\n");