aboutsummaryrefslogtreecommitdiffstats
path: root/x11-wm
diff options
context:
space:
mode:
Diffstat (limited to 'x11-wm')
-rw-r--r--x11-wm/spectrwm/Makefile3
-rw-r--r--x11-wm/spectrwm/files/ea3e6da-oob-fix.patch30
2 files changed, 33 insertions, 0 deletions
diff --git a/x11-wm/spectrwm/Makefile b/x11-wm/spectrwm/Makefile
index 25208cb97f3c..ebe1e6baa482 100644
--- a/x11-wm/spectrwm/Makefile
+++ b/x11-wm/spectrwm/Makefile
@@ -4,6 +4,7 @@
PORTNAME= spectrwm
DISTVERSIONPREFIX= SPECTRWM_
DISTVERSION= 3_1_0
+PORTREVISION= 1
CATEGORIES= x11-wm
MAINTAINER= zeising@FreeBSD.org
@@ -36,6 +37,8 @@ CONFEXAMPLES= spectrwm_cz.conf \
SCRIPTEXAMPLES= baraction.sh \
screenshot.sh
+EXTRA_PATCHES= ${FILESDIR}/ea3e6da-oob-fix.patch
+
post-patch:
@${REINPLACE_CMD} -e 's|/etc/|${PREFIX}/etc/|g' ${WRKSRC}/spectrwm.*
diff --git a/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch b/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch
new file mode 100644
index 000000000000..3c539ffae7af
--- /dev/null
+++ b/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch
@@ -0,0 +1,30 @@
+From ea3e6da62247572e92c4ba00f70eab73f6254adf Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Sat, 14 Oct 2017 10:22:31 +0200
+Subject: [PATCH] Fix OOB while reading bar input.
+
+If the status bar script returns NUL as the first character through
+stdin, spectrwm is prone to an out of boundary access. Depending on
+the memory layout of the machine, it could turn into an OOB write.
+
+The fix is simple: If the string is empty, do not further check for
+newline character.
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+---
+ spectrwm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/spectrwm.c b/spectrwm.c
+index 9d3ec23..9b0ad2c 100644
+--- spectrwm.c
++++ spectrwm.c
+@@ -2761,7 +2761,7 @@ bar_extra_update(void)
+ while (fgets(b, sizeof(b), stdin) != NULL) {
+ if (bar_enabled) {
+ len = strlen(b);
+- if (b[len - 1] == '\n') {
++ if (len > 0 && b[len - 1] == '\n') {
+ /* Remove newline. */
+ b[--len] = '\0';
+