ncurses-lite
This is a light (microscopic) reimagining of ncurses-rs.
After trying to use ncurses-rs in rust-warrior, and
getting alerted by GitHub's Dependabot, the idea for this
new library was born.
Security Issues
Mishandling of format strings
An issue was discovered in the ncurses crate for Rust. There are format string issues in
printw functions because C format arguments are mishandled.
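The difference between passing caller text as the C format string and passing it as data, as an added example (not code from ncurses-rs or ncurses-lite). It assumes libc's snprintf as a stand-in for printw, since both take a printf-style format followed by variadic arguments; render_as_format, render_as_data and buf_to_string are hypothetical names.

```rust
use std::ffi::{CStr, CString};
use std::os::raw::{c_char, c_int};

// Assumption of this example: libc's snprintf stands in for printw.
unsafe extern "C" {
    fn snprintf(buf: *mut c_char, size: usize, fmt: *const c_char, ...) -> c_int;
}

fn buf_to_string(buf: &[u8]) -> String {
    CStr::from_bytes_until_nul(buf).unwrap().to_string_lossy().into_owned()
}

/// Mishandled pattern: the caller's text becomes the C format string.
/// Guarded so the demo only runs when "%%" is the sole directive; any other
/// directive would make C read variadic arguments that were never supplied.
fn render_as_format(text: &str) -> Option<String> {
    if text.replace("%%", "").contains('%') {
        return None;
    }
    let fmt = CString::new(text).ok()?;
    let mut buf = [0u8; 128];
    unsafe { snprintf(buf.as_mut_ptr() as *mut c_char, buf.len(), fmt.as_ptr()) };
    Some(buf_to_string(&buf))
}

/// Corrected pattern: constant "%s" format, caller's text passed as data.
fn render_as_data(text: &str) -> Option<String> {
    let data = CString::new(text).ok()?; // reject interior NUL rather than truncate
    let mut buf = [0u8; 128];
    unsafe {
        snprintf(
            buf.as_mut_ptr() as *mut c_char,
            buf.len(),
            b"%s\0".as_ptr() as *const c_char,
            data.as_ptr(),
        );
    }
    Some(buf_to_string(&buf))
}

fn main() {
    let text = "progress: 100%% complete"; // constructed sample input
    println!("as format: {:?}", render_as_format(text));
    println!("as data:   {:?}", render_as_data(text));
}
```

The first call shows that C interpreted the text (the doubled percent sign collapses to one), while the second returns it unchanged.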
Buffer overflow and format vulnerabilities
An issue was discovered in the ncurses crate for Rust. There are
instr and mvwinstr buffer overflows because interaction with C functions is mishandled.
The instr function has this comment:
Reassuring, right?
The mvwinstr function has the same comment:
These vulnerabilities have been reported in this issue, which links to:
- CVE-2019-15548 (elaborated in CWE-119)
- CVE-2019-15547 (elaborated in CWE-134)
There are some curses docs online, such as this page that documents the
innstr family of functions.
What if
Given the complex nature of the vulnerable functions, and the difficulty in verifying whether they are currently "broken" or whether a change would be "broken" as well...
AND given that none of these functions are used in rust-warrior...
Another option is to create a library that exposes the necessary parts of ncurses to Rust without including these vulnerabilities -- by simply leaving those functions out.
API
The following functions are implemented:
- initscr
- endwin
- curs_set
- newwin
- waddch
- waddstr
- wclear
- wrefresh