diff options
| author | Thomas Gerbet <thomas@gerbet.me> | 2023-01-28 00:24:50 +0100 |
|---|---|---|
| committer | Thomas Gerbet <thomas@gerbet.me> | 2023-01-28 00:24:50 +0100 |
| commit | 94da0240d2ba4ad4be2a02adee5d297941aa4acc (patch) | |
| tree | 479eb276e72fd7f8155cfd73d6bd3e0bd6153b1d | |
| parent | 2355d599ca4dd683c33365f68c3a2f41fd6af68d (diff) | |
tmux: apply patch for CVE-2022-47016
Upstream issues: https://github.com/tmux/tmux/issues/3312 https://github.com/tmux/tmux/issues/3447 Upstream patch does not apply cleanly on top of 3.3a.
| -rw-r--r-- | pkgs/tools/misc/tmux/CVE-2022-47016.patch | 72 | ||||
| -rw-r--r-- | pkgs/tools/misc/tmux/default.nix | 5 |
2 files changed, 77 insertions, 0 deletions
diff --git a/pkgs/tools/misc/tmux/CVE-2022-47016.patch b/pkgs/tools/misc/tmux/CVE-2022-47016.patch new file mode 100644 index 0000000000000..e6ced830421ee --- /dev/null +++ b/pkgs/tools/misc/tmux/CVE-2022-47016.patch @@ -0,0 +1,72 @@ +From 01f753df5dc269cf054b94c3f210aa880872d602 Mon Sep 17 00:00:00 2001 +From: nicm <nicm> +Date: Wed, 24 Aug 2022 07:22:30 +0000 +Subject: [PATCH] Check for NULL returns from bufferevent_new. + +(cherry picked from commit e86752820993a00e3d28350cbe46878ba95d9012) +--- + control.c | 4 ++++ + file.c | 4 ++++ + window.c | 2 ++ + 3 files changed, 10 insertions(+) + +diff --git a/control.c b/control.c +index 73286e00..6183a006 100644 +--- a/control.c ++++ b/control.c +@@ -775,6 +775,8 @@ control_start(struct client *c) + + cs->read_event = bufferevent_new(c->fd, control_read_callback, + control_write_callback, control_error_callback, c); ++ if (cs->read_event == NULL) ++ fatalx("out of memory"); + bufferevent_enable(cs->read_event, EV_READ); + + if (c->flags & CLIENT_CONTROLCONTROL) +@@ -782,6 +784,8 @@ control_start(struct client *c) + else { + cs->write_event = bufferevent_new(c->out_fd, NULL, + control_write_callback, control_error_callback, c); ++ if (cs->write_event == NULL) ++ fatalx("out of memory"); + } + bufferevent_setwatermark(cs->write_event, EV_WRITE, CONTROL_BUFFER_LOW, + 0); +diff --git a/file.c b/file.c +index b2f155fe..04a907bf 100644 +--- a/file.c ++++ b/file.c +@@ -585,6 +585,8 @@ file_write_open(struct client_files *files, struct tmuxpeer *peer, + + cf->event = bufferevent_new(cf->fd, NULL, file_write_callback, + file_write_error_callback, cf); ++ if (cf->event == NULL) ++ fatalx("out of memory"); + bufferevent_enable(cf->event, EV_WRITE); + goto reply; + +@@ -744,6 +746,8 @@ file_read_open(struct client_files *files, struct tmuxpeer *peer, + + cf->event = bufferevent_new(cf->fd, file_read_callback, NULL, + file_read_error_callback, cf); ++ if (cf->event == NULL) ++ fatalx("out of memory"); + bufferevent_enable(cf->event, EV_READ); + return; + +diff --git a/window.c b/window.c +index c0cd9bdc..294a1f08 100644 +--- a/window.c ++++ b/window.c +@@ -1042,6 +1042,8 @@ window_pane_set_event(struct window_pane *wp) + + wp->event = bufferevent_new(wp->fd, window_pane_read_callback, + NULL, window_pane_error_callback, wp); ++ if (wp->event == NULL) ++ fatalx("out of memory"); + wp->ictx = input_init(wp, wp->event, &wp->palette); + + bufferevent_enable(wp->event, EV_READ|EV_WRITE); +-- +2.39.1 + diff --git a/pkgs/tools/misc/tmux/default.nix b/pkgs/tools/misc/tmux/default.nix index 139cadc70642c..a630dbc374117 100644 --- a/pkgs/tools/misc/tmux/default.nix +++ b/pkgs/tools/misc/tmux/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , autoreconfHook , bison , libevent @@ -35,6 +36,10 @@ stdenv.mkDerivation rec { sha256 = "sha256-SygHxTe7N4y7SdzKixPFQvqRRL57Fm8zWYHfTpW+yVY="; }; + patches = [ + ./CVE-2022-47016.patch + ]; + nativeBuildInputs = [ pkg-config autoreconfHook |