tmux: apply patch for CVE-2022-47016

Upstream issues: https://github.com/tmux/tmux/issues/3312 https://github.com/tmux/tmux/issues/3447 Upstream patch does not apply cleanly on top of 3.3a.
2023-01-28 00:24:50 +01:00 · 2023-01-28 00:24:50 +01:00 · 94da0240d2
parent 2355d599ca
commit 94da0240d2
2 changed files with 77 additions and 0 deletions
--- a/pkgs/tools/misc/tmux/CVE-2022-47016.patch
+++ b/pkgs/tools/misc/tmux/CVE-2022-47016.patch
@ -0,0 +1,72 @@
+From 01f753df5dc269cf054b94c3f210aa880872d602 Mon Sep 17 00:00:00 2001
+From: nicm <nicm>
+Date: Wed, 24 Aug 2022 07:22:30 +0000
+Subject: [PATCH] Check for NULL returns from bufferevent_new.
+
+(cherry picked from commit e86752820993a00e3d28350cbe46878ba95d9012)
+---
+ control.c | 4 ++++
+ file.c    | 4 ++++
+ window.c  | 2 ++
+ 3 files changed, 10 insertions(+)
+
+diff --git a/control.c b/control.c
+index 73286e00..6183a006 100644
+--- a/control.c
+++ b/control.c
+@@ -775,6 +775,8 @@ control_start(struct client *c)
+ 
+ 	cs->read_event = bufferevent_new(c->fd, control_read_callback,
+ 	    control_write_callback, control_error_callback, c);
+	if (cs->read_event == NULL)
+		fatalx("out of memory");
+ 	bufferevent_enable(cs->read_event, EV_READ);
+ 
+ 	if (c->flags & CLIENT_CONTROLCONTROL)
+@@ -782,6 +784,8 @@ control_start(struct client *c)
+ 	else {
+ 		cs->write_event = bufferevent_new(c->out_fd, NULL,
+ 		    control_write_callback, control_error_callback, c);
+		if (cs->write_event == NULL)
+			fatalx("out of memory");
+ 	}
+ 	bufferevent_setwatermark(cs->write_event, EV_WRITE, CONTROL_BUFFER_LOW,
+ 	    0);
+diff --git a/file.c b/file.c
+index b2f155fe..04a907bf 100644
+--- a/file.c
+++ b/file.c
+@@ -585,6 +585,8 @@ file_write_open(struct client_files *files, struct tmuxpeer *peer,
+ 
+ 	cf->event = bufferevent_new(cf->fd, NULL, file_write_callback,
+ 	    file_write_error_callback, cf);
+	if (cf->event == NULL)
+		fatalx("out of memory");
+ 	bufferevent_enable(cf->event, EV_WRITE);
+ 	goto reply;
+ 
+@@ -744,6 +746,8 @@ file_read_open(struct client_files *files, struct tmuxpeer *peer,
+ 
+ 	cf->event = bufferevent_new(cf->fd, file_read_callback, NULL,
+ 	    file_read_error_callback, cf);
+	if (cf->event == NULL)
+		fatalx("out of memory");
+ 	bufferevent_enable(cf->event, EV_READ);
+ 	return;
+ 
+diff --git a/window.c b/window.c
+index c0cd9bdc..294a1f08 100644
+--- a/window.c
+++ b/window.c
+@@ -1042,6 +1042,8 @@ window_pane_set_event(struct window_pane *wp)
+ 
+ 	wp->event = bufferevent_new(wp->fd, window_pane_read_callback,
+ 	    NULL, window_pane_error_callback, wp);
+	if (wp->event == NULL)
+		fatalx("out of memory");
+ 	wp->ictx = input_init(wp, wp->event, &wp->palette);
+ 
+ 	bufferevent_enable(wp->event, EV_READ|EV_WRITE);
+-- 
+2.39.1
+
--- a/pkgs/tools/misc/tmux/default.nix
+++ b/pkgs/tools/misc/tmux/default.nix
@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchpatch
 , autoreconfHook
 , bison
 , libevent
@ -35,6 +36,10 @@ stdenv.mkDerivation rec {
    sha256 = "sha256-SygHxTe7N4y7SdzKixPFQvqRRL57Fm8zWYHfTpW+yVY=";
  };

+  patches = [
+    ./CVE-2022-47016.patch
+  ];
+
  nativeBuildInputs = [
    pkg-config
    autoreconfHook