Package: minicom / 2.7-1.1

CVE-2017-7467.diff Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# HG changeset patch
# User Adam Lackorzynski <adam@os.inf.tu-dresden.de>
# Date 1492510834 -7200
# Node ID c33d24938f3ed3dc2b7d328fe255794468a814eb
# Parent  c72edf0e43bca463239ea15594d128ecbc0d2574
Fix CVE-2017-7467, a remote exploitalbe out of bound access

This fixes an out of bounds data access that can lead to a
remotely exploitable code execution.

This issue was found by Solar Designer of Openwall during a
security audit of the Virtuozzo 7 product, which contains
derived downstream code in its prl-vzvncserver component.
The corresponding Virtuozzo 7 fix is:

https://src.openvz.org/projects/OVZ/repos/prl-vzvncserver/commits/6d95404e75b98f36b1cc85ee23df99dcf06ca13f

Openwall would like to thank the Virtuozzo company for
funding the effort.

diff -r c72edf0e43bc -r c33d24938f3e src/vt100.c
--- a/src/vt100.c	Sat Sep 17 02:17:37 2016 +0200
+++ b/src/vt100.c	Tue Apr 18 12:20:34 2017 +0200
@@ -428,7 +428,7 @@
   }
   /* Separation between numbers ? */
   if (c == ';') {
-    if (ptr < 15)
+    if (ptr < (int)ARRAY_SIZE(escparms) - 1)
       ptr++;
     return;
   }