File vte-CVE-2011-2198.patch of Package vte
From ac71d26f067be3a21bff315c3cabf24c94360dd6 Mon Sep 17 00:00:00 2001
From: Christian Persch <chpe@gnome.org>
Date: Fri, 10 Jun 2011 15:31:58 +0000
Subject: [CVE-2011-2198] Limit insert-blank-characters
Bug #652124.
---
diff --git a/src/vteseq.c b/src/vteseq.c
index 3fff7e8..7ef4c8c 100644
--- a/src/vteseq.c
+++ b/src/vteseq.c
@@ -532,9 +532,10 @@ vte_sequence_handler_offset(VteTerminal *terminal,
/* Call another function a given number of times, or once. */
static void
-vte_sequence_handler_multiple(VteTerminal *terminal,
- GValueArray *params,
- VteTerminalSequenceHandler handler)
+vte_sequence_handler_multiple_limited(VteTerminal *terminal,
+ GValueArray *params,
+ VteTerminalSequenceHandler handler,
+ glong max)
{
long val = 1;
int i;
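Review bot: The counter `int i` declared here is compared against `long val`, and with the new `glong max` parameter the only cap on `val` is whatever the caller passes. The loop itself is in the next hunk, where the unlimited wrapper passes `G_MAXLONG`. On platforms where long is wider than int, a count above INT_MAX would overflow `i` before the loop ends, which is undefined behaviour. Declaring the counter as `glong i;` keeps the comparison in one type. The comment above the function should also state the cap, e.g. `/* Call another function a given number of times, clamped to [1, max]. */`.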
@@ -544,13 +545,29 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
value = g_value_array_get_nth(params, 0);
if (G_VALUE_HOLDS_LONG(value)) {
val = g_value_get_long(value);
- val = MAX(val, 1); /* FIXME: vttest. */
+ val = CLAMP(val, 1, max); /* FIXME: vttest. */
}
}
for (i = 0; i < val; i++)
handler (terminal, NULL);
}
+static void
+vte_sequence_handler_multiple(VteTerminal *terminal,
+ GValueArray *params,
+ VteTerminalSequenceHandler handler)
+{
+ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
+}
+
+static void
+vte_sequence_handler_multiple_r(VteTerminal *terminal,
+ GValueArray *params,
+ VteTerminalSequenceHandler handler)
+{
+ vte_sequence_handler_multiple_limited(terminal, params, handler,
+ terminal->column_count - terminal->pvt->screen->cursor_current.col);
+}
/* Manipulate certain terminal attributes. */
static void
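Review bot: In vte_sequence_handler_multiple_r the bound `terminal->column_count - terminal->pvt->screen->cursor_current.col` is passed on without checking that it is positive. If the cursor column can equal or exceed column_count (not visible from this hunk), `max` is 0 or negative and `CLAMP(val, 1, max)` is evaluated with low greater than high, a case GLib documents as undefined; the macro as currently written returns `max`, so the loop runs zero times. Making that explicit removes the reliance on macro internals: compute `glong remaining = terminal->column_count - terminal->pvt->screen->cursor_current.col;` and add `if (remaining <= 0) return;` before the call. A one-line comment on the wrapper saying that the limit is the number of columns from the cursor to the right edge would also help the next reader.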
@@ -1570,7 +1587,7 @@ vte_sequence_handler_ic (VteTerminal *terminal, GValueArray *params)
static void
vte_sequence_handler_IC (VteTerminal *terminal, GValueArray *params)
{
- vte_sequence_handler_multiple(terminal, params, vte_sequence_handler_ic);
+ vte_sequence_handler_multiple_r(terminal, params, vte_sequence_handler_ic);
}
/* Begin insert mode. */
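Review bot: Only the IC handler is switched to the capped helper here; any other handler that still calls vte_sequence_handler_multiple (none are visible in this patch) keeps a repeat count limited only by `G_MAXLONG`. Those call sites are worth checking for the same parameter-driven loop. A short comment on this function would record why the cap exists, e.g. `/* Repeat count is capped at the columns remaining from the cursor. */`.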
--
cgit v0.9.0.2