File ncurses-5.9-bsc1046853_1046858.dif of Package ncurses.6136

Based on patch 20170701 for ncurses 6.0
Fixes for CVE-2017-10684 and CVE-2017-10685

---
 ncurses/tinfo/alloc_entry.c |    6 +++-
 ncurses/tinfo/parse_entry.c |   22 +++++++++--------
 progs/dump_entry.c          |   56 +++++++++++++++++++++++++++++++++++---------
 3 files changed, 62 insertions(+), 22 deletions(-)

--- ncurses/tinfo/alloc_entry.c
+++ ncurses/tinfo/alloc_entry.c	2017-07-19 13:31:12.688001104 +0000
@@ -96,7 +96,11 @@ _nc_save_str(const char *const string)
 {
     char *result = 0;
     size_t old_next_free = next_free;
-    size_t len = strlen(string) + 1;
+    size_t len;
+
+    if (string == 0)
+	return _nc_save_str("");
+    len = strlen(string) + 1;
 
     if (len == 1 && next_free != 0) {
 	/*
--- ncurses/tinfo/parse_entry.c
+++ ncurses/tinfo/parse_entry.c	2017-07-19 13:31:12.688001104 +0000
@@ -236,13 +236,14 @@ _nc_parse_entry(struct entry *entryp, in
      * implemented it.  Note that the resulting terminal type was never the
      * 2-character name, but was instead the first alias after that.
      */
+#define ok_TC2(s) (isgraph(UChar(s)) && (s) != '|')
     ptr = _nc_curr_token.tk_name;
     if (_nc_syntax == SYN_TERMCAP
 #if NCURSES_XNAMES
 	&& !_nc_user_definable
 #endif
 	) {
-	if (ptr[2] == '|') {
+	if (ok_TC2(ptr[0]) && ok_TC2(ptr[1]) && ptr[2] == '|') {
 	    ptr += 3;
 	    _nc_curr_token.tk_name[2] = '\0';
 	}
@@ -284,9 +285,11 @@ _nc_parse_entry(struct entry *entryp, in
 	if (is_use || is_tc) {
 	    entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
 	    entryp->uses[entryp->nuses].line = _nc_curr_line;
-	    entryp->nuses++;
-	    if (entryp->nuses > 1 && is_tc) {
-		BAD_TC_USAGE
+	    if (VALID_STRING(entryp->uses[entryp->nuses].name)) {
+		entryp->nuses++;
+		if (entryp->nuses > 1 && is_tc) {
+		    BAD_TC_USAGE
+		}
 	    }
 	} else {
 	    /* normal token lookup */
@@ -571,7 +574,7 @@ append_acs0(string_desc * dst, int code,
 static void
 append_acs(string_desc * dst, int code, char *src)
 {
-    if (src != 0 && strlen(src) == 1) {
+    if (VALID_STRING(src) && strlen(src) == 1) {
 	append_acs0(dst, code, *src);
     }
 }
@@ -829,15 +832,14 @@ postprocess_termcap(TERMTYPE *tp, bool h
 	    }
 
 	    if (tp->Strings[to_ptr->nte_index]) {
+		const char *s = tp->Strings[from_ptr->nte_index];
+		const char *t = tp->Strings[to_ptr->nte_index];
 		/* There's no point in warning about it if it's the same
 		 * string; that's just an inefficiency.
 		 */
-		if (strcmp(
-			      tp->Strings[from_ptr->nte_index],
-			      tp->Strings[to_ptr->nte_index]) != 0)
+		if (VALID_STRING(s) && VALID_STRING(t) && strcmp(s, t) != 0)
 		    _nc_warning("%s (%s) already has an explicit value %s, ignoring ko",
-				ap->to, ap->from,
-				_nc_visbuf(tp->Strings[to_ptr->nte_index]));
+				ap->to, ap->from, t);
 		continue;
 	    }
 
--- progs/dump_entry.c
+++ progs/dump_entry.c	2017-07-19 13:26:24.086940008 +0000
@@ -427,6 +427,22 @@ wrap_concat(const char *src)
     column += (int) need;
 }
 
+static void
+wrap_termap(const char *a, const char *b, const char *c)
+{
+    size_t need = strlen(a)+strlen(b)+strlen(c);
+    size_t want = strlen(separator)+need;
+    if (column > INDENT
+	&& column + (int) want > width) {
+	force_wrap();
+    }
+    strcpy_DYN(&outbuf, a);
+    strcpy_DYN(&outbuf, b);
+    strcpy_DYN(&outbuf, c);
+    strcpy_DYN(&outbuf, separator);
+    column += (int) need;
+}
+
 #define IGNORE_SEP_TRAIL(first,last,sep_trail) \
 	if ((size_t)(last - first) > sizeof(sep_trail)-1 \
 	 && !strncmp(first, sep_trail, sizeof(sep_trail)-1)) \
@@ -609,9 +625,10 @@ fmt_entry(TERMTYPE *tterm,
     PredIdx num_strings = 0;
     bool outcount = 0;
 
-#define WRAP_CONCAT	\
-	wrap_concat(buffer); \
-	outcount = TRUE
+#define WRAP_CONCAT1(s)		wrap_concat(s); outcount = TRUE
+#define WRAP_CONCAT2(a,b)	wrap_concat(a); WRAP_CONCAT1(b)
+#define WRAP_CONCAT3(a,b,c)	wrap_concat(a); WRAP_CONCAT2(b,c)
+#define WRAP_CONCAT		WRAP_CONCAT1(buffer)
 
     len = 12;			/* terminfo file-header */
 
@@ -802,13 +819,26 @@ fmt_entry(TERMTYPE *tterm,
 			_nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer))
 				    "%s=!!! %s WILL NOT CONVERT !!!",
 				    name, srccap);
+			WRAP_CONCAT;
 		    } else if (suppress_untranslatable) {
 			continue;
 		    } else {
 			char *s = srccap, *d = buffer;
-			_nc_SPRINTF(d, _nc_SLIMIT(sizeof(buffer)) "..%s=", name);
-			d += strlen(d);
+			if (infodump) {
+			    WRAP_CONCAT3("..", name, "=");
+			} else {
+			    wrap_termap("..", name, "=");
+			    outcount = TRUE;
+			}
 			while ((*d = *s++) != 0) {
+			    if ((d - buffer + 1) >= (int) sizeof(buffer)) {
+				fprintf(stderr,
+					"%s: value for %s is too long\n",
+					_nc_progname,
+					name);
+				*d = '\0';
+				break;
+			    }
 			    if (*d == ':') {
 				*d++ = '\\';
 				*d = ':';
@@ -817,13 +847,17 @@ fmt_entry(TERMTYPE *tterm,
 			    }
 			    d++;
 			}
+			WRAP_CONCAT;
 		    }
 		} else {
-		    _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer))
-				"%s=%s", name, cv);
+		    if (infodump) {
+			WRAP_CONCAT3(name, "=", cv);
+		    } else {
+			wrap_termap(name, "=", cv);
+			outcount = TRUE;
+		    }
 		}
 		len += (int) strlen(capability) + 1;
-		WRAP_CONCAT;
 	    } else {
 		char *src = _nc_tic_expand(capability,
 					   outform == F_TERMINFO, numbers);
@@ -839,8 +873,7 @@ fmt_entry(TERMTYPE *tterm,
 		    strcpy_DYN(&tmpbuf, src);
 		}
 		len += (int) strlen(capability) + 1;
-		wrap_concat(tmpbuf.text);
-		outcount = TRUE;
+		WRAP_CONCAT1(tmpbuf.text);
 	    }
 	}
 	/* e.g., trimmed_sgr0 */
@@ -1203,7 +1236,8 @@ dump_entry(TERMTYPE *tterm,
 		}
 		if (len > critlen) {
 		    (void) fprintf(stderr,
-				   "warning: %s entry is %d bytes long\n",
+				   "%s: %s entry is %d bytes long\n",
+				   _nc_progname,
 				   _nc_first_name(tterm->term_names),
 				   len);
 		    SHOW_WHY("# WARNING: this entry, %d bytes long, may core-dump %s libraries!\n",
openSUSE Build Service is sponsored by