Merge pull request #213044 from NixOS/backport-213041-to-release-22.11

[Backport release-22.11] tmux: apply patch for CVE-2022-47016
NixOS · Jan 28, 2023 · ce20e9e · ce20e9e
2 parents ddb884c + 41cd6fa
commit ce20e9e
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 0 deletions.
diff --git a/pkgs/tools/misc/tmux/CVE-2022-47016.patch b/pkgs/tools/misc/tmux/CVE-2022-47016.patch
@@ -0,0 +1,72 @@
+From 01f753df5dc269cf054b94c3f210aa880872d602 Mon Sep 17 00:00:00 2001
+From: nicm <nicm>
+Date: Wed, 24 Aug 2022 07:22:30 +0000
+Subject: [PATCH] Check for NULL returns from bufferevent_new.
+
+(cherry picked from commit e86752820993a00e3d28350cbe46878ba95d9012)
+---
+ control.c | 4 ++++
+ file.c    | 4 ++++
+ window.c  | 2 ++
+ 3 files changed, 10 insertions(+)
+
+diff --git a/control.c b/control.c
+index 73286e00..6183a006 100644
+--- a/control.c
++++ b/control.c
+@@ -775,6 +775,8 @@ control_start(struct client *c)
+
+ 	cs->read_event = bufferevent_new(c->fd, control_read_callback,
+ 	    control_write_callback, control_error_callback, c);
++	if (cs->read_event == NULL)
++		fatalx("out of memory");
+ 	bufferevent_enable(cs->read_event, EV_READ);
+
+ 	if (c->flags & CLIENT_CONTROLCONTROL)
+@@ -782,6 +784,8 @@ control_start(struct client *c)
+ 	else {
+ 		cs->write_event = bufferevent_new(c->out_fd, NULL,
+ 		    control_write_callback, control_error_callback, c);
++		if (cs->write_event == NULL)
++			fatalx("out of memory");
+ 	}
+ 	bufferevent_setwatermark(cs->write_event, EV_WRITE, CONTROL_BUFFER_LOW,
+ 	    0);
+diff --git a/file.c b/file.c
+index b2f155fe..04a907bf 100644
+--- a/file.c
++++ b/file.c
+@@ -585,6 +585,8 @@ file_write_open(struct client_files *files, struct tmuxpeer *peer,
+
+ 	cf->event = bufferevent_new(cf->fd, NULL, file_write_callback,
+ 	    file_write_error_callback, cf);
++	if (cf->event == NULL)
++		fatalx("out of memory");
+ 	bufferevent_enable(cf->event, EV_WRITE);
+ 	goto reply;
+
+@@ -744,6 +746,8 @@ file_read_open(struct client_files *files, struct tmuxpeer *peer,
+
+ 	cf->event = bufferevent_new(cf->fd, file_read_callback, NULL,
+ 	    file_read_error_callback, cf);
++	if (cf->event == NULL)
++		fatalx("out of memory");
+ 	bufferevent_enable(cf->event, EV_READ);
+ 	return;
+
+diff --git a/window.c b/window.c
+index c0cd9bdc..294a1f08 100644
+--- a/window.c
++++ b/window.c
+@@ -1042,6 +1042,8 @@ window_pane_set_event(struct window_pane *wp)
+
+ 	wp->event = bufferevent_new(wp->fd, window_pane_read_callback,
+ 	    NULL, window_pane_error_callback, wp);
++	if (wp->event == NULL)
++		fatalx("out of memory");
+ 	wp->ictx = input_init(wp, wp->event, &wp->palette);
+
+ 	bufferevent_enable(wp->event, EV_READ|EV_WRITE);
+-- 
+2.39.1
+
diff --git a/pkgs/tools/misc/tmux/default.nix b/pkgs/tools/misc/tmux/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchpatch
 , autoreconfHook
 , bison
 , libevent
@@ -35,6 +36,10 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-SygHxTe7N4y7SdzKixPFQvqRRL57Fm8zWYHfTpW+yVY=";
   };
 
+  patches = [
+    ./CVE-2022-47016.patch
+  ];
+
   nativeBuildInputs = [
     pkg-config
     autoreconfHook