Fix buffer overflow that allows privilege escalation for local users.

Approved by:	will (using his portmgr hat)
Obtained from:	Timo Sirainen <tss@iki.fi> on BUGTRAQ

3 files changed, 32 insertions, 1 deletions

diff --git a/misc/screen/Makefile b/misc/screen/Makefile
index 3a61402bf81c..dcff32bc96b3 100644
--- a/misc/screen/Makefile
+++ b/misc/screen/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	screen
 PORTVERSION=	4.0.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	misc
 MASTER_SITES=	ftp://ftp.uni-erlangen.de/pub/utilities/screen/ \
 		${MASTER_SITE_GNU}
diff --git a/misc/screen/files/patch-ansi.c b/misc/screen/files/patch-ansi.c
new file mode 100644
index 000000000000..dc5ba91b521a
--- /dev/null
+++ b/misc/screen/files/patch-ansi.c
@@ -0,0 +1,11 @@
+--- ansi.c.orig	Mon Sep  8 07:24:44 2003
++++ ansi.c	Mon Dec  1 17:17:17 2003
+@@ -559,7 +559,7 @@
+ 	    {
+ 	    case '0': case '1': case '2': case '3': case '4':
+ 	    case '5': case '6': case '7': case '8': case '9':
+-	      if (curr->w_NumArgs < MAXARGS)
++	      if (curr->w_NumArgs >= 0 && curr->w_NumArgs < MAXARGS)
+ 		{
+ 		  if (curr->w_args[curr->w_NumArgs] < 100000000)
+ 		    curr->w_args[curr->w_NumArgs] =
diff --git a/misc/screen/files/patch-resize.c b/misc/screen/files/patch-resize.c
new file mode 100644
index 000000000000..a2af125f12ff
--- /dev/null
+++ b/misc/screen/files/patch-resize.c
@@ -0,0 +1,20 @@
+--- resize.c.orig	Mon Sep  8 07:26:31 2003
++++ resize.c	Mon Dec  1 17:16:29 2003
+@@ -682,6 +682,17 @@
+   if (wi == 0)
+     he = hi = 0;
+ 
++  if (wi > 1000)
++    {
++      Msg(0, "Window width too large, truncated");
++      wi = 1000;
++    }
++  if (he > 1000)
++    {
++      Msg(0, "Window height too large, truncated");
++      he = 1000;
++    }
++
+   if (p->w_width == wi && p->w_height == he && p->w_histheight == hi)
+     {
+       debug("ChangeWindowSize: No change.\n");