diff --git a/pkgs/tools/misc/tmux/CVE-2022-47016.patch b/pkgs/tools/misc/tmux/CVE-2022-47016.patch new file mode 100644 index 00000000000..e6ced830421 --- /dev/null +++ b/pkgs/tools/misc/tmux/CVE-2022-47016.patch @@ -0,0 +1,72 @@ +From 01f753df5dc269cf054b94c3f210aa880872d602 Mon Sep 17 00:00:00 2001 +From: nicm +Date: Wed, 24 Aug 2022 07:22:30 +0000 +Subject: [PATCH] Check for NULL returns from bufferevent_new. + +(cherry picked from commit e86752820993a00e3d28350cbe46878ba95d9012) +--- + control.c | 4 ++++ + file.c | 4 ++++ + window.c | 2 ++ + 3 files changed, 10 insertions(+) + +diff --git a/control.c b/control.c +index 73286e00..6183a006 100644 +--- a/control.c ++++ b/control.c +@@ -775,6 +775,8 @@ control_start(struct client *c) + + cs->read_event = bufferevent_new(c->fd, control_read_callback, + control_write_callback, control_error_callback, c); ++ if (cs->read_event == NULL) ++ fatalx("out of memory"); + bufferevent_enable(cs->read_event, EV_READ); + + if (c->flags & CLIENT_CONTROLCONTROL) +@@ -782,6 +784,8 @@ control_start(struct client *c) + else { + cs->write_event = bufferevent_new(c->out_fd, NULL, + control_write_callback, control_error_callback, c); ++ if (cs->write_event == NULL) ++ fatalx("out of memory"); + } + bufferevent_setwatermark(cs->write_event, EV_WRITE, CONTROL_BUFFER_LOW, + 0); +diff --git a/file.c b/file.c +index b2f155fe..04a907bf 100644 +--- a/file.c ++++ b/file.c +@@ -585,6 +585,8 @@ file_write_open(struct client_files *files, struct tmuxpeer *peer, + + cf->event = bufferevent_new(cf->fd, NULL, file_write_callback, + file_write_error_callback, cf); ++ if (cf->event == NULL) ++ fatalx("out of memory"); + bufferevent_enable(cf->event, EV_WRITE); + goto reply; + +@@ -744,6 +746,8 @@ file_read_open(struct client_files *files, struct tmuxpeer *peer, + + cf->event = bufferevent_new(cf->fd, file_read_callback, NULL, + file_read_error_callback, cf); ++ if (cf->event == NULL) ++ fatalx("out of memory"); + bufferevent_enable(cf->event, EV_READ); + return; + +diff --git a/window.c b/window.c +index c0cd9bdc..294a1f08 100644 +--- a/window.c ++++ b/window.c +@@ -1042,6 +1042,8 @@ window_pane_set_event(struct window_pane *wp) + + wp->event = bufferevent_new(wp->fd, window_pane_read_callback, + NULL, window_pane_error_callback, wp); ++ if (wp->event == NULL) ++ fatalx("out of memory"); + wp->ictx = input_init(wp, wp->event, &wp->palette); + + bufferevent_enable(wp->event, EV_READ|EV_WRITE); +-- +2.39.1 + diff --git a/pkgs/tools/misc/tmux/default.nix b/pkgs/tools/misc/tmux/default.nix index 139cadc7064..a630dbc3741 100644 --- a/pkgs/tools/misc/tmux/default.nix +++ b/pkgs/tools/misc/tmux/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , autoreconfHook , bison , libevent @@ -35,6 +36,10 @@ stdenv.mkDerivation rec { sha256 = "sha256-SygHxTe7N4y7SdzKixPFQvqRRL57Fm8zWYHfTpW+yVY="; }; + patches = [ + ./CVE-2022-47016.patch + ]; + nativeBuildInputs = [ pkg-config autoreconfHook