From 7daae3f2139a678fe0ae0b42fcf8d807cbff485c Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
Date: Sun, 4 Feb 2024 13:42:38 +0800
Subject: [PATCH] parse_entry.c: check return value of _nc_save_str

* check return value of _nc_save_str(), in special case for tic where
extended capabilities are processed but the terminal description was
not initialized (report by Ziqiao Kong).

* regenerate llib-* files.

CVE: CVE-2023-50495

Upstream-Status: Backport [http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=7723dd6799ab10b32047ec73b14df9f107bafe99]

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
 ncurses/llib-lncurses       | 15 +++++++++++++++
 ncurses/llib-lncursest      | 15 +++++++++++++++
 ncurses/llib-lncursestw     | 15 +++++++++++++++
 ncurses/llib-lncursesw      | 15 +++++++++++++++
 ncurses/llib-ltinfo         | 15 +++++++++++++++
 ncurses/llib-ltinfot        | 15 +++++++++++++++
 ncurses/llib-ltinfotw       | 15 +++++++++++++++
 ncurses/llib-ltinfow        | 15 +++++++++++++++
 ncurses/tinfo/parse_entry.c | 23 ++++++++++++++++-------
 9 files changed, 136 insertions(+), 7 deletions(-)

diff --git a/ncurses/llib-lncurses b/ncurses/llib-lncurses
index 211cf3b7..e4190aa2 100644
--- a/ncurses/llib-lncurses
+++ b/ncurses/llib-lncurses
@@ -3656,6 +3656,21 @@ char	*tiparm(
 		...)
 		{ return(*(char **)0); }
 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
 #undef _nc_tiparm
 char	*_nc_tiparm(
 		int	expected,
diff --git a/ncurses/llib-lncursest b/ncurses/llib-lncursest
index 1b09d676..e07abba6 100644
--- a/ncurses/llib-lncursest
+++ b/ncurses/llib-lncursest
@@ -3741,6 +3741,21 @@ char	*tiparm(
 		...)
 		{ return(*(char **)0); }
 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
 #undef _nc_tiparm
 char	*_nc_tiparm(
 		int	expected,
diff --git a/ncurses/llib-lncursestw b/ncurses/llib-lncursestw
index 4576e0fc..747c6be8 100644
--- a/ncurses/llib-lncursestw
+++ b/ncurses/llib-lncursestw
@@ -4702,6 +4702,21 @@ char	*tiparm(
 		...)
 		{ return(*(char **)0); }
 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
 #undef _nc_tiparm
 char	*_nc_tiparm(
 		int	expected,
diff --git a/ncurses/llib-lncursesw b/ncurses/llib-lncursesw
index 127350d2..862305d9 100644
--- a/ncurses/llib-lncursesw
+++ b/ncurses/llib-lncursesw
@@ -4617,6 +4617,21 @@ char	*tiparm(
 		...)
 		{ return(*(char **)0); }
 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
 #undef _nc_tiparm
 char	*_nc_tiparm(
 		int	expected,
diff --git a/ncurses/llib-ltinfo b/ncurses/llib-ltinfo
index a5cd7cd3..31e5e9a6 100644
--- a/ncurses/llib-ltinfo
+++ b/ncurses/llib-ltinfo
@@ -927,6 +927,21 @@ char	*tiparm(
 		...)
 		{ return(*(char **)0); }
 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
 #undef _nc_tiparm
 char	*_nc_tiparm(
 		int	expected,
diff --git a/ncurses/llib-ltinfot b/ncurses/llib-ltinfot
index bd3de812..48e5c25a 100644
--- a/ncurses/llib-ltinfot
+++ b/ncurses/llib-ltinfot
@@ -1003,6 +1003,21 @@ char	*tiparm(
 		...)
 		{ return(*(char **)0); }
 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
 #undef _nc_tiparm
 char	*_nc_tiparm(
 		int	expected,
diff --git a/ncurses/llib-ltinfotw b/ncurses/llib-ltinfotw
index 4d35a1e1..64dfdfa5 100644
--- a/ncurses/llib-ltinfotw
+++ b/ncurses/llib-ltinfotw
@@ -1025,6 +1025,21 @@ char	*tiparm(
 		...)
 		{ return(*(char **)0); }
 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
 #undef _nc_tiparm
 char	*_nc_tiparm(
 		int	expected,
diff --git a/ncurses/llib-ltinfow b/ncurses/llib-ltinfow
index db846764..7e17a35f 100644
--- a/ncurses/llib-ltinfow
+++ b/ncurses/llib-ltinfow
@@ -949,6 +949,21 @@ char	*tiparm(
 		...)
 		{ return(*(char **)0); }
 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
 #undef _nc_tiparm
 char	*_nc_tiparm(
 		int	expected,
diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
index 14bcb67e..0a0b5637 100644
--- a/ncurses/tinfo/parse_entry.c
+++ b/ncurses/tinfo/parse_entry.c
@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
 	/* Well, we are given a cancel for a name that we don't recognize */
 	return _nc_extend_names(entryp, name, STRING);
     default:
-	return 0;
+	return NULL;
     }
 
     /* Adjust the 'offset' (insertion-point) to keep the lists of extended
@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
 	for (last = (unsigned) (max - 1); last > tindex; last--)
 
     if (!found) {
+	char *saved;
+
+	if ((saved = _nc_save_str(name)) == NULL)
+	    return NULL;
+
 	switch (token_type) {
 	case BOOLEAN:
 	    tp->ext_Booleans++;
@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
 	TYPE_REALLOC(char *, actual, tp->ext_Names);
 	while (--actual > offset)
 	    tp->ext_Names[actual] = tp->ext_Names[actual - 1];
-	tp->ext_Names[offset] = _nc_save_str(name);
+	tp->ext_Names[offset] = saved;
     }
 
     temp.nte_name = tp->ext_Names[offset];
@@ -364,6 +369,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
 	bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0);
 	bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0);
 	if (is_use || is_tc) {
+	    char *saved;
+
 	    if (!VALID_STRING(_nc_curr_token.tk_valstring)
 		|| _nc_curr_token.tk_valstring[0] == '\0') {
 		_nc_warning("missing name for use-clause");
@@ -377,11 +384,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
 			    _nc_curr_token.tk_valstring);
 		continue;
 	    }
-	    entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
-	    entryp->uses[entryp->nuses].line = _nc_curr_line;
-	    entryp->nuses++;
-	    if (entryp->nuses > 1 && is_tc) {
-		BAD_TC_USAGE
+	    if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) {
+			entryp->uses[entryp->nuses].name = saved;
+			entryp->uses[entryp->nuses].line = _nc_curr_line;
+			entryp->nuses++;
+			if (entryp->nuses > 1 && is_tc) {
+			    BAD_TC_USAGE
+		    }
 	    }
 	} else {
 	    /* normal token lookup */
-- 
2.25.1