Indeed, the test
strlen(home) > MAXPATHLEN - 8
is not sufficient due to the terminating null character
(if home has length MAXPATHLEN - 8, then MAXPATHLEN + 1
characters are written, which is larger than the buffer
size MAXPATHLEN).
See also:
b4e5968f0b
bug #63634
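
The off-by-one described in the message above, as an added example that is not screen's own code. BUFSZ stands in for MAXPATHLEN, the 8-character suffix "/.screen" is an assumption, and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ 64            /* stand-in for MAXPATHLEN, small for the demo */
#define SUFFIX "/.screen"   /* assumed 8-character suffix, not from the page */

/* The test quoted in the message: only lengths above BUFSZ - 8 are rejected. */
static int weak_check_accepts(size_t home_len)
{
    return !(home_len > (size_t)(BUFSZ - 8));
}

/* Bytes an unbounded "home + SUFFIX" copy writes, terminating NUL included. */
static size_t bytes_needed(size_t home_len)
{
    return home_len + strlen(SUFFIX) + 1;
}

/* Bounded build: snprintf never writes past dstsz; truncation is an error. */
static int build_path(char *dst, size_t dstsz, const char *home)
{
    int n = snprintf(dst, dstsz, "%s%s", home, SUFFIX);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* Run build_path on a constructed home directory name of the given length. */
static int try_len(size_t home_len)
{
    char home[BUFSZ + 16], dst[BUFSZ];
    if (home_len >= sizeof home)
        return -1;
    memset(home, 'a', home_len);
    home[0] = '/';
    home[home_len] = '\0';
    return build_path(dst, sizeof dst, home);
}

int main(void)
{
    size_t edge = BUFSZ - 8;
    printf("len %zu: weak check accepts=%d, bytes needed=%zu, buffer=%d\n",
           edge, weak_check_accepts(edge), bytes_needed(edge), BUFSZ);
    printf("bounded build at len %zu -> %d, at len %zu -> %d\n",
           edge, try_len(edge), edge - 1, try_len(edge - 1));
    return 0;
}
```

A home of length BUFSZ - 9 is the longest that fits, since it fills the buffer exactly once the terminator is counted.
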
Instead of hard-coded tables, screen should use the standard
wcwidth() function, which will ensure consistency with other
software that already uses it (the real terminal and perhaps
libraries like ncurses).
We pass (1, 0) to calloc().
The ACLBYTE macro will return &NULL[(0 + 1) >> 3], which equals 0.
On some systems (including OpenBSD) this will return
a zero-sized object: a unique pointer that points to
inaccessible memory. This is permitted by the standards.
The chmod function comes from the header file sys/stat.h
which was not included in the source file display.c,
and thus the error.
This patch should fix the build error.
Signed-off-by: Brahmajit Das <brahmajit.xyz@gmail.com>
When run as setuid root, one can send a query message to the
privileged screen process via its unix socket in order to force
it to send SIGHUP to a PID that can be freely specified in the
query packet.
Processes that do not explicitly handle SIGHUP will simply terminate.
Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
As documented in libutempter:
"During execution of the privileged process spawned by these
functions, SIGCHLD signal handler will be temporarily set to
the default action."
Thus in case a SIGCHLD has been lost, we send a SIGCHLD to
oneself in order to avoid zombies:
https://savannah.gnu.org/bugs/?25089
It allows remote attackers to cause a denial of service
(invalid write access and application crash) or possibly
have unspecified other impact via a crafted UTF-8
character sequence.
bugfix: https://savannah.gnu.org/bugs/?60030
Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
A cross-reference was intended to be placed inside parentheses,
but the closing parenthesis was forgotten; this commit inserts
that missing closing parenthesis.
Commit 7059bff expands index range of "typ2" by one without expanding
affected arrays. d_xtermosc in struct display is one of these.
Related: 7059bff20a
(ansi: add support for xterm OSC 11)
Related: eb2be1adf9
(Fix out of bounds access when setting w_xtermosc after OSC 49)
Signed-off-by: Václav Doležal <vdolezal@redhat.com>
echo -e "\e]49\e; \n\ec"
crashes screen.
This happens because 49 is divided by 10 and used as table index
resulting in access to w_xtermosc[4], which is out of bounds with table
itself being size 4. Increase size of table by 1 to 5, which is enough
for all current uses.
As this overwrites memory based on user input, it is a potential security
issue.
Reported-by: pippin@gimp.org
Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
If there is no event timeout set, just wait for 1 second instead of
setting the poll timeout to 0.
Bug: 57697
Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
* src/tests/test-winmsgbuf.c (main): Replace alloca with malloc/free
to prevent the following warning: tests/test-winmsgbuf.c:298:19:\
warning: implicit declaration of function ‘alloca’; did you mean \
‘calloc’?
* src/tests/test-winmsgbuf.c:45: make char * const
This avoids the following warning:
tests/test-winmsgbuf.c:45:17: warning: initialization of\
‘char *[...]'from incompatible pointer type ‘const char *[...]'
If wmc_else() is called after wmb_expand(), it can overwrite the pointer to
the old value. To avoid this issue, refactor the condition code to use an offset
into the parsed string instead.
Reported-by: pippin@gimp.org
Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>