This adds two patches.
One fixes a crash at runtime on amd64, sparc64, and possibly other 64-bit
machines.
The other fixes a two-year-old xterm command injection bug,
CVE-2008-2383.

I took the latter from a report on the upstream bug tracker. The project
appears to be dead, so they never committed the CVE fix.

I contacted MAINTAINER first and was told to send it to ports@.

Index: Makefile
===================================================================
RCS file: /cvs/ports/korean/hanterm-xf/Makefile,v
retrieving revision 1.17
diff -N -p -u Makefile
--- Makefile    24 Oct 2010 21:23:04 -0000      1.17
+++ Makefile    4 Mar 2011 01:20:02 -0000
@@ -6,7 +6,7 @@ V=              2.0.6-177
 DISTNAME=      hanterm-xf-$V
 CATEGORIES=    korean
 PKGNAME=       hanterm-xf-${V:S/-/./}
-REVISION=      0
+REVISION=      1
 
 MASTER_SITES=  http://kldp.net/frs/download.php/3281/
 HOMEPAGE=      http://hanterm-xf.kldp.net
Index: patches/patch-charproc_c
===================================================================
RCS file: patches/patch-charproc_c
diff -N -p -u patches/patch-charproc_c
--- /dev/null   3 Mar 2011 18:20:02 -0000
+++ patches/patch-charproc_c    4 Mar 2011 01:20:02 -0000
@@ -0,0 +1,50 @@
+$OpenBSD$
+--- charproc.c.orig    Wed Mar  2 22:39:44 2011
++++ charproc.c Wed Mar  2 23:01:35 2011
+@@ -6979,12 +6979,12 @@ g_utf8_validate (const char  *str,
+ }
+ 
+ int
+-from_utf8(char *utf8, int len, char *ksc)
++from_utf8(char *utf8, size_t len, char *ksc)
+ {
+     char * tmp = alloca(len);
+     char *out = tmp;
+-    int out_len = len;
+-    int vlen;
++    size_t out_len = len;
++    size_t vlen;
+     char *vs, *end;
+ 
+     if (!from_utf8_cd) {
+@@ -7004,7 +7004,7 @@ from_utf8(char *utf8, int len, char *ksc)
+ 
+     do {
+       ICONV_CONST char *in_p = (ICONV_CONST char *) utf8;
+-      int iconv_len = iconv(from_utf8_cd, &in_p, 
++      size_t iconv_len = iconv(from_utf8_cd, &in_p, 
+                             &len, &out, &out_len);
+       if (iconv_len < 0) {
+           int utf8_bytes;
+@@ -7037,10 +7037,10 @@ from_utf8(char *utf8, int len, char *ksc)
+ }
+ 
+ int
+-to_utf8(char *ksc, int len, char *utf8)
++to_utf8(char *ksc, size_t len, char *utf8)
+ {
+     char *out = utf8;
+-    int out_len = len * 2;
++    size_t out_len = len * 2;
+     ICONV_CONST char *in_p;
+ 
+     if (!to_utf8_cd) {
+@@ -7049,7 +7049,7 @@ to_utf8(char *ksc, int len, char *utf8)
+       to_utf8_cd = iconv_open("UTF-8", "EUC-KR");
+     }
+     if (0) {
+-      int i;
++      size_t i;
+       for(i=0;i<len;i++) {
+           if (ksc[i] & 0x80) {
+               char c = ksc[i+1];
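Review bot: In from_utf8, the unchanged context line `if (iconv_len < 0) {` can never be true once `iconv_len` is declared `size_t`, so the conversion-error branch that follows becomes unreachable on every platform. iconv() reports failure by returning `(size_t)-1`, so the patch should also change that line to `if (iconv_len == (size_t)-1) {`. Separately, `char * tmp = alloca(len);` is kept with no bound on `len` visible in this hunk; if callers can pass lengths derived from terminal input, it deserves a cap or a heap allocation. Both from_utf8 and to_utf8 continue outside the quoted hunks, so the remaining uses of these variables should be checked for other signed comparisons.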
Index: patches/patch-misc_c
===================================================================
RCS file: patches/patch-misc_c
diff -N -p -u patches/patch-misc_c
--- /dev/null   3 Mar 2011 18:20:02 -0000
+++ patches/patch-misc_c        4 Mar 2011 01:20:02 -0000
@@ -0,0 +1,67 @@
+$OpenBSD$
+fix for CVE 2008-2383
+from http://soojung.kldp.net/projects/hanterm-xf/issue/305253
+--- misc.c.orig        Thu Mar 30 00:10:51 2006
++++ misc.c     Wed Mar  2 23:11:14 2011
+@@ -1443,10 +1443,6 @@ do_osc(Char * oscbuf, int len GCC_UNUSED, int final)
+     case 2:                   /* new title only */
+       Changetitle(buf);
+       break;
+-
+-    case 3:                   /* change X property */
+-      ChangeXprop(buf);
+-      break;
+ #if OPT_ISO_COLORS
+     case 4:
+       ChangeAnsiColorRequest(term, buf, final);
+@@ -1492,6 +1488,7 @@ do_osc(Char * oscbuf, int len GCC_UNUSED, int final)
+ #endif /* ALLOWLOGGING */
+ 
+     case 50:
++#if 0
+       if (buf != 0 && !strcmp(buf, "?")) {
+           int num = screen->menu_font_number;
+ 
+@@ -1544,6 +1541,7 @@ do_osc(Char * oscbuf, int len GCC_UNUSED, int final)
+           }
+           SetVTFont(fontMenu_fontescape, True, VT_FONTSET(buf, NULL, NULL, 
NULL));
+       }
++#endif
+       break;
+     case 51:
+       /* reserved for Emacs shell (Rob Myoff <may...@dqd.com>) */
+@@ -1706,14 +1704,17 @@ do_dcs(Char * dcsbuf, size_t dcslen)
+           } else
+               okay = False;
+ 
+-          unparseputc1(DCS, screen->respond);
+-          unparseputc(okay ? '1' : '0', screen->respond);
+-          unparseputc('$', screen->respond);
+-          unparseputc('r', screen->respond);
+-          if (okay)
++          if (okay) {
++              unparseputc1(DCS, screen->respond);
++              unparseputc(okay ? '1' : '0', screen->respond);
++              unparseputc('$', screen->respond);
++              unparseputc('r', screen->respond);
+               cp = reply;
+-          unparseputs(cp, screen->respond);
+-          unparseputc1(ST, screen->respond);
++              unparseputs(cp, screen->respond);
++              unparseputc1(ST, screen->respond);
++          } else {
++              unparseputc(CAN, screen->respond);
++          }
+       } else {
+           unparseputc(CAN, screen->respond);
+       }
+@@ -1763,7 +1764,8 @@ do_dcs(Char * dcsbuf, size_t dcslen)
+       break;
+ #endif
+     default:
+-      if (isdigit(CharOf(*cp))) {     /* digits are DECUDK, otherwise ignore 
*/
++      /* VT220; digits are DECUDK, otherwise ignore */
++      if (screen->terminal_id >= 200 && isdigit(CharOf(*cp))) {
+           clear_all = True;
+           lock_keys = True;
+ 
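Review bot: The `#if 0` / `#endif` pair added around the body of `case 50:` in do_osc, and the deleted `case 3:` arm, leave nothing in misc.c saying why the font escape and the X-property escape were switched off, so a later port update could restore them without realising they were removed for CVE 2008-2383. I would annotate the guard, e.g. `#if 0 /* disabled for CVE 2008-2383: OSC 50 font query/set */`, and leave a one-line comment where `case 3:` used to be. In do_dcs, inside the new `if (okay) {` block, the expression `okay ? '1' : '0'` is now always `'1'`, so `unparseputc('1', screen->respond);` states the intent more directly. do_osc and do_dcs both continue outside the quoted hunks, so how unhandled OSC 3 falls through cannot be confirmed from here.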
