svn commit: r452545 - in branches/2017Q4/x11-wm/spectrwm: . files

Niclas Zeising zeising at FreeBSD.org
Fri Oct 20 17:13:37 UTC 2017


Author: zeising
Date: Fri Oct 20 17:13:35 2017
New Revision: 452545
URL: https://svnweb.freebsd.org/changeset/ports/452545

Log:
  MFH: r452308
  
  Fix out of bounds memory read when reading bar input.
  
  Add patch from upstream git that fixes an out of bounds read and possible
  write if the bar action script returns a NULL as the first character.
  
  It is unclear if this can cause any security issues, but I feel it's prudent
  to fix the issue.
  
  Approved by:	portmgr (swills)

Added:
  branches/2017Q4/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch
     - copied unchanged from r452308, head/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch
Modified:
  branches/2017Q4/x11-wm/spectrwm/Makefile
Directory Properties:
  branches/2017Q4/   (props changed)

Modified: branches/2017Q4/x11-wm/spectrwm/Makefile
==============================================================================
--- branches/2017Q4/x11-wm/spectrwm/Makefile	Fri Oct 20 17:13:00 2017	(r452544)
+++ branches/2017Q4/x11-wm/spectrwm/Makefile	Fri Oct 20 17:13:35 2017	(r452545)
@@ -4,6 +4,7 @@
 PORTNAME=	spectrwm
 DISTVERSIONPREFIX=	SPECTRWM_
 DISTVERSION=	3_0_2
+PORTREVISION=	1
 CATEGORIES=	x11-wm
 
 MAINTAINER=	zeising at FreeBSD.org
@@ -28,6 +29,8 @@ PORTEXAMPLES=	spectrwm_cz.conf \
 		spectrwm_fr_ch.conf \
 		spectrwm_se.conf \
 		spectrwm_us.conf
+
+EXTRA_PATCHES= ${FILESDIR}/ea3e6da-oob-fix.patch
 
 post-patch:
 	@${REINPLACE_CMD} -e 's|/etc/|${PREFIX}/etc/|g' ${WRKSRC}/spectrwm.*
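Review bot: the new file is named ea3e6da-oob-fix.patch rather than following the files/patch-* naming convention, so the ports framework will not apply it automatically and the EXTRA_PATCHES= ${FILESDIR}/ea3e6da-oob-fix.patch line is what makes it take effect at all; either renaming the file to files/patch-spectrwm.c (and dropping the explicit knob) or keeping the explicit line as done here is fine, but the choice should be deliberate. Style point on the same line: the other assignments in this hunk use a tab after the `=` while `EXTRA_PATCHES= ${FILESDIR}/...` uses a space.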

Copied: branches/2017Q4/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch (from r452308, head/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q4/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch	Fri Oct 20 17:13:35 2017	(r452545, copy of r452308, head/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch)
@@ -0,0 +1,30 @@
+From ea3e6da62247572e92c4ba00f70eab73f6254adf Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias at stoeckmann.org>
+Date: Sat, 14 Oct 2017 10:22:31 +0200
+Subject: [PATCH] Fix OOB while reading bar input.
+
+If the status bar script returns NUL as the first character through
+stdin, spectrwm is prone to an out of boundary access. Depending on
+the memory layout of the machine, it could turn into an OOB write.
+
+The fix is simple: If the string is empty, do not further check for
+newline character.
+
+Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
+---
+ spectrwm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/spectrwm.c b/spectrwm.c
+index 9d3ec23..9b0ad2c 100644
+--- spectrwm.c
++++ spectrwm.c
+@@ -2761,7 +2761,7 @@ bar_extra_update(void)
+ 	while (fgets(b, sizeof(b), stdin) != NULL) {
+ 		if (bar_enabled) {
+ 			len = strlen(b);
+-			if (b[len - 1] == '\n') {
++			if (len > 0 && b[len - 1] == '\n') {
+ 				/* Remove newline. */
+ 				b[--len] = '\0';
+ 
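Review bot: the `len > 0 &&` guard is the correct minimal fix for the bug the description gives: when fgets() returns a line whose first byte is NUL, strlen(b) is 0 and the original `if (b[len - 1] == '\n')` reads one byte before the buffer; had that comparison happened to match, `b[--len] = '\0'` would write through the same out-of-range index, which is the OOB write the message mentions as memory-layout dependent. Two things worth documenting alongside it: the `--- spectrwm.c` / `+++ spectrwm.c` headers carry no a/ b/ prefix (only the `diff --git` line does), so the file applies with patch(1) without stripping a path component, and refreshing it from unmodified upstream `git format-patch` output would reintroduce the prefixes and require a strip-level change in the port; and a leading NUL still silently truncates the remainder of that bar line, since strlen() stops there, which is a behaviour limit rather than a memory-safety problem and is reasonable to leave out of this fix.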
