sergiotarxz/termux-packages
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

newsboat: add upstream patch to fix buffer overflow

Browse Source 
This fixes issue with overflow when adding terminating null byte
properly, without increasing buffer size.
This commit is contained in:
Henrik Grimler 2021-09-09 09:42:35 +02:00
parent 949eb90988
commit 69c4673016
No known key found for this signature in database
GPG Key ID: B0076E490B71616B
3 changed files with 24 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/newsboat/build.sh
View File

@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="RSS/Atom feed reader for the text console"
TERMUX_PKG_LICENSE="MIT" TERMUX_PKG_LICENSE="MIT"
TERMUX_PKG_MAINTAINER="@termux" TERMUX_PKG_MAINTAINER="@termux"
TERMUX_PKG_VERSION=2.24 TERMUX_PKG_VERSION=2.24
TERMUX_PKG_REVISION=1 TERMUX_PKG_REVISION=2
TERMUX_PKG_SRCURL=https://newsboat.org/releases/${TERMUX_PKG_VERSION}/newsboat-${TERMUX_PKG_VERSION}.tar.xz TERMUX_PKG_SRCURL=https://newsboat.org/releases/${TERMUX_PKG_VERSION}/newsboat-${TERMUX_PKG_VERSION}.tar.xz
TERMUX_PKG_SHA256=62420688cca25618859548d10ff6df9ac75b9cf766699f37edd3e324d67c6ffb TERMUX_PKG_SHA256=62420688cca25618859548d10ff6df9ac75b9cf766699f37edd3e324d67c6ffb
TERMUX_PKG_DEPENDS="libc++, libiconv, libandroid-support, libandroid-glob, json-c, libsqlite, libcurl, libxml2, stfl, ncurses, openssl" TERMUX_PKG_DEPENDS="libc++, libiconv, libandroid-support, libandroid-glob, json-c, libsqlite, libcurl, libxml2, stfl, ncurses, openssl"

21
packages/newsboat/mbc-buffer-length-fix.patch
View File

@ -1,21 +0,0 @@
diff -uNr newsboat-2.24/src/tagsouppullparser.cpp newsboat-2.24.mod/src/tagsouppullparser.cpp
--- newsboat-2.24/src/tagsouppullparser.cpp 2021-06-20 20:40:09.000000000 +0300
+++ newsboat-2.24.mod/src/tagsouppullparser.cpp 2021-09-08 23:50:47.207115677 +0300
@@ -445,7 +445,7 @@
if (s.length() > 1 && s[0] == '#') {
std::string result;
unsigned int wc;
- char mbc[MB_LEN_MAX];
+ char mbc[16];
mbc[0] = '\0';
if (s[1] == 'x') {
s.erase(0, 2);
@@ -499,7 +499,7 @@
} else {
for (unsigned int i = 0; entity_table[i].entity; ++i) {
if (s == entity_table[i].entity) {
- char mbc[MB_LEN_MAX];
+ char mbc[16];
const int pos = wcrtomb(mbc, entity_table[i].value, &mb_state);
if (pos == -1) {
return std::string();

23
packages/newsboat/mbc_write.patch Normal file
View File

@ -0,0 +1,23 @@
commit dcced88a134f79cc5ccbe36ed5be51d73bd8f356
Author: mcz <emcze@ya.ru>
Date: Sun Aug 22 20:50:26 2021 +0200
Fix write outside of bounds
Adding terminating '\0' to the mbc results in a crash when pos == MB_LEN_MAX,
which is true for 4-byte characters and musl.
diff --git a/src/tagsouppullparser.cpp b/src/tagsouppullparser.cpp
index de62d3ec..da0aabed 100644
--- a/src/tagsouppullparser.cpp
+++ b/src/tagsouppullparser.cpp
@@ -485,8 +485,7 @@ std::string TagSoupPullParser::decode_entity(std::string s)
const int pos = wcrtomb(mbc, static_cast<wchar_t>(wc), &mb_state);
if (pos > 0) {
- mbc[pos] = '\0';
- result.append(mbc);
+ result.append(mbc, pos);
}
LOG(Level::DEBUG,
"TagSoupPullParser::decode_entity: wc = %u pos = %d "