Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1635802406291010" MIME-Version: 1.0 Date: Mon, 1 Nov 2021 21:33:26 +0000 
From: "Frederic Cambus" Subject: CVS commit: pkgsrc/editors/tweak To: pkgsrc-changes@NetBSD.org Reply-To: fcambus@netbsd.org X-Mailer: log_accum Message-Id: <20211101213326.BCEE9FAEC@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1635802406291010 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: fcambus Date: Mon Nov 1 21:33:26 UTC 2021 Modified Files: pkgsrc/editors/tweak: Makefile distinfo Added Files: pkgsrc/editors/tweak/patches: patch-keytab.c Log Message: editors/tweak: Fix buffer overflow in 'unknown key sequence' error report. >From upstream commit ad97e1337e1e1df934b7f3674fa6c9f7e8eb603f. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 pkgsrc/editors/tweak/Makefile cvs rdiff -u -r1.8 -r1.9 pkgsrc/editors/tweak/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/editors/tweak/patches/patch-keytab.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1635802406291010 Content-Disposition: inline Content-Length: 4420 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/editors/tweak/Makefile diff -u pkgsrc/editors/tweak/Makefile:1.6 pkgsrc/editors/tweak/Makefile:1.7 --- pkgsrc/editors/tweak/Makefile:1.6 Sun Jan 10 11:20:17 2021 +++ pkgsrc/editors/tweak/Makefile Mon Nov 1 21:33:26 2021 @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.6 2021/01/10 11:20:17 fcambus Exp $ +# $NetBSD: Makefile,v 1.7 2021/11/01 21:33:26 fcambus Exp $ # DISTNAME= tweak-3.02 +PKGREVISION= 1 CATEGORIES= editors MASTER_SITES= https://www.chiark.greenend.org.uk/~sgtatham/tweak/ 
@@ -10,6 +11,7 @@ HOMEPAGE= https://www.chiark.greenend.or COMMENT= Efficient hex editor LICENSE= mit +USE_LANGUAGES= c c99 USE_TOOLS+= gmake MAKE_FLAGS+= PREFIX=${PREFIX} DESTDIR=${DESTDIR} Index: pkgsrc/editors/tweak/distinfo diff -u pkgsrc/editors/tweak/distinfo:1.8 pkgsrc/editors/tweak/distinfo:1.9 --- pkgsrc/editors/tweak/distinfo:1.8 Tue Oct 26 10:21:42 2021 +++ pkgsrc/editors/tweak/distinfo Mon Nov 1 21:33:26 2021 @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.8 2021/10/26 10:21:42 nia Exp $ +$NetBSD: distinfo,v 1.9 2021/11/01 21:33:26 fcambus Exp $ BLAKE2s (tweak-3.02.tar.gz) = 170eca560ea496ce821c273c481e638ef65fa22d81d3179a8c1fbdeffbe23376 SHA512 (tweak-3.02.tar.gz) = 4cf16eae1c48073ca77b0577585473288d7ecbc2d261a359db2cff372c1850cd809becb46bc745ac7d07e982d5eae9a0e0332402267ebab6b12cc952a02cff4e Size (tweak-3.02.tar.gz) = 71939 bytes SHA1 (patch-Makefile) = 43041b78d4bb28c84ab53792cbd39603c8ece038 +SHA1 (patch-keytab.c) = 369ec87681d21cc26f104ba5ef9cd59a2c99707a SHA1 (patch-rcfile.c) = 82bf8d167537de068650d3feaf5552ff7bb2be1b Added files: Index: pkgsrc/editors/tweak/patches/patch-keytab.c diff -u /dev/null pkgsrc/editors/tweak/patches/patch-keytab.c:1.1 --- /dev/null Mon Nov 1 21:33:26 2021 +++ pkgsrc/editors/tweak/patches/patch-keytab.c Mon Nov 1 21:33:26 2021 
@@ -0,0 +1,95 @@ +$NetBSD: patch-keytab.c,v 1.1 2021/11/01 21:33:26 fcambus Exp $ + +Fix buffer overflow in 'unknown key sequence' error report. + +Upstream commit ad97e1337e1e1df934b7f3674fa6c9f7e8eb603f. + +--- keytab.c.orig 2021-11-01 18:58:59.087368560 +0000 ++++ keytab.c +@@ -1,5 +1,6 @@ + #include "tweak.h" + ++#include + #include + #include + #include +@@ -61,16 +62,33 @@ void bind_key (char *sequence, int len, + /* + * Format an ASCII code into a printable description of the key stroke. + */ +-static void strkey (char *s, int k) { +- k &= 255; /* force unsigned */ +- if (k==27) +- strcpy(s, " ESC"); +- else if (k<32 || k==127) +- sprintf(s, " ^%c", k ^ 64); +- else if (k<127) +- sprintf(s, " %c", k); +- else +- sprintf(s, " <0x%2X>", k); ++struct strkey_state { ++ char *s, *end; ++ bool truncated; ++}; ++static void strkey (struct strkey_state *sks, int k) { ++ char thisbuf[32]; ++ ++ if (sks->truncated) ++ return; ++ ++ if (sks->end - sks->s < 16) { ++ sks->truncated = true; ++ strcpy(thisbuf, " ..."); ++ } else { ++ k &= 255; /* force unsigned */ ++ if (k==27) ++ strcpy(thisbuf, " ESC"); ++ else if (k<32 || k==127) ++ sprintf(thisbuf, " ^%c", k ^ 64); ++ else if (k<127) ++ sprintf(thisbuf, " %c", k); ++ else ++ sprintf(thisbuf, " <0x%2X>", k); ++ } ++ ++ strcpy(sks->s, thisbuf); ++ sks->s += strlen(sks->s); + } + + /* +@@ -89,12 +107,18 @@ void proc_key (void) { + safe_update = FALSE; + #endif + strcpy(message, "Unknown key sequence"); +- strkey(message+strlen(message), last_char); ++ ++ struct strkey_state sks; ++ sks.s = message + strlen(message); ++ sks.end = message + sizeof(message); ++ sks.truncated = false; ++ ++ strkey(&sks, last_char); + kt = base[(unsigned char) last_char]; + if (!kt) { + display_beep(); + while (display_input_to_flush()) +- strkey(message+strlen(message), display_getkey()); ++ strkey(&sks, display_getkey()); + return; + } + +@@ -108,12 +132,12 @@ void proc_key (void) { + #if defined(unix) && !defined(GO32) + safe_update = 
FALSE; + #endif +- strkey(message+strlen(message), last_char); ++ strkey(&sks, last_char); + kt = kt->e.extended[(unsigned char) last_char]; + if (!kt) { + display_beep(); + while (display_input_to_flush()) +- strkey(message+strlen(message), display_getkey()); ++ strkey(&sks, display_getkey()); + return; + } + } --_----------=_1635802406291010--
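Review bot: In the second Makefile hunk, `USE_LANGUAGES= c c99` is added with no comment saying why C99 is now needed. The new patch-keytab.c uses `bool`, `true` and `false` and declares `struct strkey_state sks;` after a statement in proc_key, so a one-line comment above the variable naming that patch would make it clear the setting can be revisited once the patch is no longer carried.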
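Review bot: In the strkey hunk of patch-keytab.c, the threshold in `if (sks->end - sks->s < 16)` is an unexplained constant, and the unbounded `strcpy(sks->s, thisbuf)` at the end is safe only because of it. The longest piece formatted here is `" <0x%2X>"` (7 characters plus the terminator) and the `" ..."` marker needs 5 bytes, so 16 leaves room for one more key and then the marker; a comment stating that, or a named constant derived from those widths, would make the invariant checkable. Using `snprintf(thisbuf, sizeof(thisbuf), ...)` in place of the `sprintf` calls would keep thisbuf bounded if a format string is changed later.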
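Review bot: In the first proc_key hunk, `sks.end = message + sizeof(message);` is a correct bound only if `message` is visible in this file as an array. Its declaration is not part of this diff; if it is declared as a pointer, sizeof yields the pointer size, `sks.end` lands before `sks.s`, and the report is cut to " ..." at the first key. It is worth confirming the declaration, or taking the length from the same size constant the buffer is defined with.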