ports/sysutils/screen-devel/files/patch-os.h
Cy Schubert 1c7e0fd32c sysutils/screen*: Fix off-by-one buffer overflow
FreeBSD ncurses, as of c8b9c85ee5bb, does a strncpy() of 1024 bytes into
a 1023 byte buffer supplied by screen. This section of code in ncurses
was removed in 61f66a1f4403, and is not a problem since 14.0-RELEASE.
But it is still a problem in 13-STABLE.

Thank you to dim@ for detailed analysis and initial patch to
sysutils/screen. The same patch is also applied to sysutils/screen-devel
in this commit.

PR:		280868
MFH:		2024Q3
2024-08-19 09:05:38 -07:00


--- os.h.orig 2024-07-27 07:09:11.000000000 -0700
+++ os.h 2024-08-19 08:47:21.152670000 -0700
@@ -148,7 +148,7 @@
*/
#ifndef TERMCAP_BUFSIZE
-# define TERMCAP_BUFSIZE 1023
+# define TERMCAP_BUFSIZE 1024
#endif
/*
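Review bot: The new TERMCAP_BUFSIZE value sits inside the existing "#ifndef TERMCAP_BUFSIZE" guard, so a build that predefines the macro to 1023 or less still gets the short buffer and the 1024-byte strncpy() described in the commit message still overruns it. Nothing in the header records why 1024 is now the minimum either. Consider adding a comment next to the define stating that ncurses on 13-STABLE copies 1024 bytes into this buffer, and a compile-time check that rejects any TERMCAP_BUFSIZE below 1024, so the constraint survives a later port update or a user-supplied CFLAGS override.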
@@ -161,6 +161,6 @@
/* Changing those you won't be able to attach to your old sessions
* when changing those values in official tree don't forget to bump
* MSG_VERSION */
-#define MAXTERMLEN 32
+#define MAXTERMLEN 63
#define MAXLOGINLEN 256
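Review bot: The MAXTERMLEN change from 32 to 63 falls directly under the comment warning that changing these values means "you won't be able to attach to your old sessions" and that MSG_VERSION should be bumped, yet no MSG_VERSION change appears in this patch. The commit message also covers only the termcap buffer and does not mention this second change or its reason. Please either explain in the commit message why MAXTERMLEN has to grow as part of this fix, or split it into its own patch, and tell users (for example in the port's pkg-message or UPDATING) that sessions started by the previous binary may not be reattachable after the upgrade.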