
Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch



Sven Joachim dixit:

>I see that this might be a problem (albeit unlikely to happen in
>practice), however I have trouble understanding exactly where a
>use-after-realloc bug comes into play.  Maybe Thorsten can help me fix
>my blindness?

The next time something is selected, the code a little further
up will check if the allocated size is sufficient, and, if so,
use screen->selection_data which was the pre-realloc address of
line.

>> I am glad and surprised that sid is okay and there doesn't seem to be

The code in sid completely differs (structures, variable names, etc).

>suggestion you could also apply the patches to the SaltTextAway()
>function from xterm 365e.

If 365e is like 366 (currently in sid), you’ll have lots of fun due
to the renamed everything.

I’d rather Tom changed xterm upstream to address the realloc-failure
difference. I know he reads Debian bugreports ;-) and he’s really
busy so probably takes longer to respond.

bye,
//mirabilos
-- 
>> Why don't you use JavaScript? I also don't like enabling JavaScript in
> Because I use lynx as browser.
+1
	-- Octavio Alvarez, me and ⡍⠁⠗⠊⠕ (Mario Lang) on debian-devel
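
The stale-pointer pattern this message describes, as an added C illustration; it is not xterm's code and not part of the original mail. Only the `selection_data` field name comes from the message; the struct layout, `selection_size` and the three functions are hypothetical, and the buggy path is an assumed simplification of the behaviour described.

```c
#include <stdlib.h>

/* Hypothetical stand-in for xterm's screen state (names are assumptions). */
struct screen {
    char  *selection_data;  /* cached buffer reused by later selections */
    size_t selection_size;  /* bytes allocated at selection_data */
};

/* Reuse the cached buffer if it is large enough, else (re)allocate it. */
char *get_buffer(struct screen *s, size_t need)
{
    if (need > s->selection_size) {
        char *p = realloc(s->selection_data, need);
        if (p == NULL)
            return NULL;    /* old block stays valid and stays cached */
        s->selection_data = p;
        s->selection_size = need;
    }
    return s->selection_data;
}

/* BUGGY: grows the working pointer only. The cache keeps the pre-realloc
 * address, which the next get_buffer() call that fits will hand out. */
char *grow_buggy(struct screen *s, char *line, size_t newsize)
{
    (void)s;                /* cache is never told about the move */
    return realloc(line, newsize);
}

/* FIXED: pointer and size are published together, and only on success. */
char *grow_fixed(struct screen *s, char *line, size_t newsize)
{
    char *p = realloc(line, newsize);
    if (p == NULL)
        return NULL;        /* cache untouched, still consistent */
    s->selection_data = p;
    s->selection_size = newsize;
    return p;
}

int main(void)
{
    struct screen s = { NULL, 0 };
    char *line = get_buffer(&s, 16);
    char *grown = line ? grow_fixed(&s, line, 4096) : NULL;
    int ok = grown != NULL && get_buffer(&s, 32) == grown;
    free(s.selection_data);
    return ok ? 0 : 1;
}
```

Building with `-fsanitize=address` and calling `get_buffer()` after `grow_buggy()` is one way to make the stale reuse visible as a heap-use-after-free report whenever `realloc` moves the block.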

