Hi Salvatore, On 5/2/24 10:45, Salvatore Bonaccorso wrote: [...]
Take a look at the attached patch. It applies and fixes the bookworm and bullseye versions. It seems the buster version is not vulnerable to this particular issue. I did ponder about it and tried to add this fix as well for the upcoming less DSA, but it won't apply to the older releases and the issue is minor enough by comparison. I think I will go ahead with the two CVE fixes only.
Milan
Date: Tue Apr 23 10:54:50 2024 -0700
Author: Mark Nudelman <ma...@greenwoodsoftware.com>
Author: Milan Kupcevic <mi...@debian.org>
Origin: upstream, https://github.com/gwsw/less/commit/2a642a07d86f7f9484db18cd748bc521e71c997f
Bug-Debian: https://bugs.debian.org/1069681
Applied-Upstream: 654
Subject: Fix incorrect display when filename contains control chars.
---
 output.c | 12 ++++++++++--
 prompt.c | 17 ++++++++++++-----
 2 files changed, 22 insertions(+), 7 deletions(-)
--- a/output.c
+++ b/output.c
@@ -31,6 +31,7 @@
 extern int screen_trashed;
 extern int is_tty;
 extern int oldbot;
+extern int utf_mode;
 #if MSDOS_COMPILER==WIN32C || MSDOS_COMPILER==BORLANDC || MSDOS_COMPILER==DJGPPC
 extern int ctldisp;
@@ -562,6 +563,7 @@
 PARG *parg;
 {
 char *s;
+ char *es;
 int col;
 col = 0;
@@ -578,11 +580,17 @@
 {
 case 's':
 s = parg->p_string;
+ es = s + strlen(s);
 parg++;
 while (*s != '\0')
 {
- putchr(*s++);
- col++;
+ LWCHAR ch = step_char(&s, +1, es);
+ constant char *ps = utf_mode ? prutfchar(ch) : prchar(ch);
+ while (*ps != '\0')
+ {
+ putchr(*ps++);
+ col++;
+ }
 }
 break;
 case 'd':
--- a/prompt.c
+++ b/prompt.c
@@ -29,6 +29,7 @@
 extern int sc_height;
 extern int jump_sline;
 extern int less_is_more;
+extern int utf_mode;
 extern IFILE curr_ifile;
 #if EDITOR
 extern char *editor;
@@ -83,13 +84,17 @@
 ap_str(s)
 char *s;
 {
- int len;
-
- len = (int) strlen(s);
- if (mp + len >= message + PROMPT_SIZE)
- len = (int) (message + PROMPT_SIZE - mp - 1);
- strncpy(mp, s, len);
- mp += len;
+ char *es = s + strlen(s);
+ while (*s != '\0')
+ {
+ LWCHAR ch = step_char(&s, +1, es);
+ constant char *ps = utf_mode ? prutfchar(ch) : prchar(ch);
+ size_t plen = strlen(ps);
+ if (mp + plen >= message + PROMPT_SIZE)
+ break;
+ strcpy(mp, ps);
+ mp += plen;
+ }
 *mp = '\0';
 }
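Review bot: The per-character rendering in the `case 's':` branch, `utf_mode ? prutfchar(ch) : prchar(ch)`, is repeated verbatim in the `ap_str` hunk in prompt.c, so the two places that neutralise control characters can drift apart; a small shared helper would keep the rule in one place. The loop also deserves a comment stating its purpose, for example `/* Emit %s arguments in printable form so control chars (e.g. in file names) never reach the terminal raw. */`. `col` still counts emitted bytes rather than screen columns, as the old loop did. The enclosing function begins and ends outside the hunk.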
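Review bot: The bound check `if (mp + plen >= message + PROMPT_SIZE)` in the new `ap_str` loop forms the pointer `mp + plen` before comparing it, and when the buffer is nearly full that pointer can lie more than one element past the end of `message`, which C leaves undefined. Comparing lengths avoids this: `if (plen >= (size_t)(message + PROMPT_SIZE - mp)) break;`. This assumes `message` is an array of `PROMPT_SIZE` chars and that `mp` always points inside it; both are declared outside the hunk. The check is what keeps `strcpy(mp, ps)` in bounds, including its terminator, and a one-line comment saying so would save the next reader from re-deriving it.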