main/screen: security fix for CVE-2015-6806

2 files changed, 61 insertions, 5 deletions

diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD
index bd11d1c1ef..5c385b70bb 100644
--- a/main/screen/APKBUILD
+++ b/main/screen/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=screen
 pkgver=4.2.1
-pkgrel=2
+pkgrel=3
 pkgdesc="A window manager that multiplexes a physical terminal"
 url="http://ftp.gnu.org/gnu/screen/"
 arch="all"
@@ -11,7 +11,8 @@ depends=""
 makedepends="ncurses-dev"
 install=""
 subpackages="$pkgname-doc"
-source="http://ftp.gnu.org/gnu/screen/$pkgname-$pkgver.tar.gz"
+source="http://ftp.gnu.org/gnu/screen/$pkgname-$pkgver.tar.gz
+	CVE-2015-6806.patch"
 
 _builddir="$srcdir"/screen-$pkgver
 prepare() {
@@ -47,6 +48,9 @@ package() {
 	install -Dm644 etc/screenrc "$pkgdir"/etc/skel/.screenrc || return 1
 }
 
-md5sums="419a0594e2b25039239af8b90eda7d92  screen-4.2.1.tar.gz"
-sha256sums="5468545047e301d2b3579f9d9ce00466d14a7eec95ce806e3834a3d6b0b9b080  screen-4.2.1.tar.gz"
-sha512sums="30826b2a2fc436483276b90cc4c6679470f7ccb7098c9bb8457d0e534998cd12da02882cf80678465f6540cade170c3fdc6bdfa31b07359ff0d3ffe2d6063710  screen-4.2.1.tar.gz"
+md5sums="419a0594e2b25039239af8b90eda7d92  screen-4.2.1.tar.gz
+5fb8b0a58ef4a2a75d7dddb453994cce  CVE-2015-6806.patch"
+sha256sums="5468545047e301d2b3579f9d9ce00466d14a7eec95ce806e3834a3d6b0b9b080  screen-4.2.1.tar.gz
+9383316bce6ce479dfd3eca238956e321b80885bd0e720d47f1f37693334b9cd  CVE-2015-6806.patch"
+sha512sums="30826b2a2fc436483276b90cc4c6679470f7ccb7098c9bb8457d0e534998cd12da02882cf80678465f6540cade170c3fdc6bdfa31b07359ff0d3ffe2d6063710  screen-4.2.1.tar.gz
+7ee87aaf5e10a60b37558f5bea85718703b2b95a4a3c43c0cd4c6f48ddd7bf1c5c582017a41681d8f9243049009c9f43678f37b826c188add501168e289ce2f1  CVE-2015-6806.patch"
diff --git a/main/screen/CVE-2015-6806.patch b/main/screen/CVE-2015-6806.patch
new file mode 100644
index 0000000000..24a013b8eb
--- /dev/null
+++ b/main/screen/CVE-2015-6806.patch
@@ -0,0 +1,52 @@
+Origin: commit b7484c224738247b510ed0d268cd577076958f1b
+Author: Kuang-che Wu <kcwu@csie.org>
+Bug: https://savannah.gnu.org/bugs/?45713
+Bug-Debian: http://bugs.debian.org/797624
+Description: Fix stack overflow due to too deep recursion
+ How to reproduce:
+ Run this command inside screen
+ $ printf '\x1b[10000000T'
+ .   
+ screen will recursively call MScrollV to depth n/256.
+ This is time consuming and will overflow stack if n is huge.
+
+diff --git a/ansi.c b/ansi.c
+index a342fb1..152d2ef 100644
+--- a/ansi.c
++++ b/ansi.c
+@@ -2502,13 +2502,13 @@ int n, ys, ye, bce;
+     return;
+   if (n > 0)
+     {
++      if (ye - ys + 1 < n)
++	n = ye - ys + 1;
+       if (n > 256)
+ 	{
+ 	  MScrollV(p, n - 256, ys, ye, bce);
+ 	  n = 256;
+ 	}
+-      if (ye - ys + 1 < n)
+-	n = ye - ys + 1;
+ #ifdef COPY_PASTE
+       if (compacthist)
+ 	{
+@@ -2562,14 +2562,14 @@ int n, ys, ye, bce;
+     }
+   else
+     {
+-      if (n < -256)
+-	{
+-	  MScrollV(p, n + 256, ys, ye, bce);
+-	  n = -256;
+-	}
+       n = -n;
+       if (ye - ys + 1 < n)
+ 	n = ye - ys + 1;
++      if (n > 256)
++	{
++	  MScrollV(p, - (n - 256), ys, ye, bce);
++	  n = 256;
++	}
+ 
+       ml = p->w_mlines + ye;
+       /* Clear lines */