pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/editors/tweak editors/tweak: Fix buffer overflow in 'u...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7df29d5161fd
branches:  trunk
changeset: 768831:7df29d5161fd
user:      fcambus <fcambus%pkgsrc.org@localhost>
date:      Mon Nov 01 21:33:26 2021 +0000

description:
editors/tweak: Fix buffer overflow in 'unknown key sequence' error report.

From upstream commit ad97e1337e1e1df934b7f3674fa6c9f7e8eb603f.

diffstat:

 editors/tweak/Makefile               |   4 +-
 editors/tweak/distinfo               |   3 +-
 editors/tweak/patches/patch-keytab.c |  95 ++++++++++++++++++++++++++++++++++++
 3 files changed, 100 insertions(+), 2 deletions(-)

diffs (133 lines):

diff -r df49ee1de1d2 -r 7df29d5161fd editors/tweak/Makefile
--- a/editors/tweak/Makefile    Mon Nov 01 21:07:38 2021 +0000
+++ b/editors/tweak/Makefile    Mon Nov 01 21:33:26 2021 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2021/01/10 11:20:17 fcambus Exp $
+# $NetBSD: Makefile,v 1.7 2021/11/01 21:33:26 fcambus Exp $
 #
 
 DISTNAME=      tweak-3.02
+PKGREVISION=   1
 CATEGORIES=    editors
 MASTER_SITES=  https://www.chiark.greenend.org.uk/~sgtatham/tweak/
 
@@ -10,6 +11,7 @@
 COMMENT=       Efficient hex editor
 LICENSE=       mit
 
+USE_LANGUAGES= c c99
 USE_TOOLS+=    gmake
 
 MAKE_FLAGS+=   PREFIX=${PREFIX} DESTDIR=${DESTDIR}
diff -r df49ee1de1d2 -r 7df29d5161fd editors/tweak/distinfo
--- a/editors/tweak/distinfo    Mon Nov 01 21:07:38 2021 +0000
+++ b/editors/tweak/distinfo    Mon Nov 01 21:33:26 2021 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.8 2021/10/26 10:21:42 nia Exp $
+$NetBSD: distinfo,v 1.9 2021/11/01 21:33:26 fcambus Exp $
 
 BLAKE2s (tweak-3.02.tar.gz) = 170eca560ea496ce821c273c481e638ef65fa22d81d3179a8c1fbdeffbe23376
 SHA512 (tweak-3.02.tar.gz) = 4cf16eae1c48073ca77b0577585473288d7ecbc2d261a359db2cff372c1850cd809becb46bc745ac7d07e982d5eae9a0e0332402267ebab6b12cc952a02cff4e
 Size (tweak-3.02.tar.gz) = 71939 bytes
 SHA1 (patch-Makefile) = 43041b78d4bb28c84ab53792cbd39603c8ece038
+SHA1 (patch-keytab.c) = 369ec87681d21cc26f104ba5ef9cd59a2c99707a
 SHA1 (patch-rcfile.c) = 82bf8d167537de068650d3feaf5552ff7bb2be1b
diff -r df49ee1de1d2 -r 7df29d5161fd editors/tweak/patches/patch-keytab.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/editors/tweak/patches/patch-keytab.c      Mon Nov 01 21:33:26 2021 +0000
@@ -0,0 +1,95 @@
+$NetBSD: patch-keytab.c,v 1.1 2021/11/01 21:33:26 fcambus Exp $
+
+Fix buffer overflow in 'unknown key sequence' error report.
+
+Upstream commit ad97e1337e1e1df934b7f3674fa6c9f7e8eb603f.
+
+--- keytab.c.orig      2021-11-01 18:58:59.087368560 +0000
++++ keytab.c
+@@ -1,5 +1,6 @@
+ #include "tweak.h"
+ 
++#include <stdbool.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -61,16 +62,33 @@ void bind_key (char *sequence, int len, 
+ /*
+  * Format an ASCII code into a printable description of the key stroke.
+  */
+-static void strkey (char *s, int k) {
+-    k &= 255;                        /* force unsigned */
+-    if (k==27)
+-      strcpy(s, " ESC");
+-    else if (k<32 || k==127)
+-      sprintf(s, " ^%c", k ^ 64);
+-    else if (k<127)
+-      sprintf(s, " %c", k);
+-    else
+-      sprintf(s, " <0x%2X>", k);
++struct strkey_state {
++    char *s, *end;
++    bool truncated;
++};
++static void strkey (struct strkey_state *sks, int k) {
++    char thisbuf[32];
++
++    if (sks->truncated)
++        return;
++
++    if (sks->end - sks->s < 16) {
++        sks->truncated = true;
++        strcpy(thisbuf, " ...");
++    } else {
++        k &= 255;                            /* force unsigned */
++        if (k==27)
++            strcpy(thisbuf, " ESC");
++        else if (k<32 || k==127)
++            sprintf(thisbuf, " ^%c", k ^ 64);
++        else if (k<127)
++            sprintf(thisbuf, " %c", k);
++        else
++            sprintf(thisbuf, " <0x%2X>", k);
++    }
++
++    strcpy(sks->s, thisbuf);
++    sks->s += strlen(sks->s);
+ }
+ 
+ /*
+@@ -89,12 +107,18 @@ void proc_key (void) {
+     safe_update = FALSE;
+ #endif
+     strcpy(message, "Unknown key sequence");
+-    strkey(message+strlen(message), last_char);
++
++    struct strkey_state sks;
++    sks.s = message + strlen(message);
++    sks.end = message + sizeof(message);
++    sks.truncated = false;
++
++    strkey(&sks, last_char);
+     kt = base[(unsigned char) last_char];
+     if (!kt) {
+       display_beep();
+       while (display_input_to_flush())
+-          strkey(message+strlen(message), display_getkey());
++          strkey(&sks, display_getkey());
+       return;
+     }
+ 
+@@ -108,12 +132,12 @@ void proc_key (void) {
+ #if defined(unix) && !defined(GO32)
+       safe_update = FALSE;
+ #endif
+-      strkey(message+strlen(message), last_char);
++      strkey(&sks, last_char);
+       kt = kt->e.extended[(unsigned char) last_char];
+       if (!kt) {
+           display_beep();
+           while (display_input_to_flush())
+-              strkey(message+strlen(message), display_getkey());
++              strkey(&sks, display_getkey());
+           return;
+       }
+     }
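Review bot: The final `strcpy(sks->s, thisbuf)` in the new `strkey` is still unbounded, so its safety rests on an undocumented invariant: the `< 16` threshold has to exceed the longest rendering (`" <0xNN>"`, 7 characters) by enough to leave room for `" ..."` plus its terminator. I would record that above the check, e.g. `/* 16 > 7-char longest key text + 5 bytes for " ..." and NUL */`, and make the copy self-limiting with `snprintf(sks->s, (size_t)(sks->end - sks->s), "%s", thisbuf);`. In `proc_key`, `sks.end = message + sizeof(message)` is only right if `message` is visible in keytab.c as an array of known size rather than a pointer; its declaration is not in this patch (presumably it lives in tweak.h), so that should be confirmed. `proc_key` begins and ends outside the embedded hunks, so whether `message` is otherwise written on this path cannot be judged from here.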


