anex5
/
gentoo-locomotion
mirror of https://github.com/anex5/gentoo-locomotion


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
							From 94da0240d2ba4ad4be2a02adee5d297941aa4acc Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Sat, 28 Jan 2023 00:24:50 +0100
Subject: [PATCH] tmux: apply patch for CVE-2022-47016

Upstream issues:
https://github.com/tmux/tmux/issues/3312
https://github.com/tmux/tmux/issues/3447

Upstream patch does not apply cleanly on top of 3.3a.
---
 pkgs/tools/misc/tmux/CVE-2022-47016.patch | 72 +++++++++++++++++++++++
 pkgs/tools/misc/tmux/default.nix          |  5 ++
 2 files changed, 77 insertions(+)
 create mode 100644 pkgs/tools/misc/tmux/CVE-2022-47016.patch

diff --git a/control.c b/control.c
index 73286e00..6183a006 100644
--- a/control.c
+++ b/control.c
@@ -775,6 +775,8 @@ control_start(struct client *c)
 
 	cs->read_event = bufferevent_new(c->fd, control_read_callback,
 	    control_write_callback, control_error_callback, c);
+	if (cs->read_event == NULL)
+		fatalx("out of memory");
 	bufferevent_enable(cs->read_event, EV_READ);
 
 	if (c->flags & CLIENT_CONTROLCONTROL)
@@ -782,6 +784,8 @@ control_start(struct client *c)
 	else {
 		cs->write_event = bufferevent_new(c->out_fd, NULL,
 		    control_write_callback, control_error_callback, c);
+		if (cs->write_event == NULL)
+			fatalx("out of memory");
 	}
 	bufferevent_setwatermark(cs->write_event, EV_WRITE, CONTROL_BUFFER_LOW,
 	    0);
diff --git a/file.c b/file.c
index b2f155fe..04a907bf 100644
--- a/file.c
+++ b/file.c
@@ -585,6 +585,8 @@ file_write_open(struct client_files *files, struct tmuxpeer *peer,
 
 	cf->event = bufferevent_new(cf->fd, NULL, file_write_callback,
 	    file_write_error_callback, cf);
+	if (cf->event == NULL)
+		fatalx("out of memory");
 	bufferevent_enable(cf->event, EV_WRITE);
 	goto reply;
 
@@ -744,6 +746,8 @@ file_read_open(struct client_files *files, struct tmuxpeer *peer,
 
 	cf->event = bufferevent_new(cf->fd, file_read_callback, NULL,
 	    file_read_error_callback, cf);
+	if (cf->event == NULL)
+		fatalx("out of memory");
 	bufferevent_enable(cf->event, EV_READ);
 	return;
 
diff --git a/window.c b/window.c
index c0cd9bdc..294a1f08 100644
--- a/window.c
+++ b/window.c
@@ -1042,6 +1042,8 @@ window_pane_set_event(struct window_pane *wp)
 
 	wp->event = bufferevent_new(wp->fd, window_pane_read_callback,
 	    NULL, window_pane_error_callback, wp);
+	if (wp->event == NULL)
+		fatalx("out of memory");
 	wp->ictx = input_init(wp, wp->event, &wp->palette);
 
 	bufferevent_enable(wp->event, EV_READ|EV_WRITE);
-- 
2.39.1