A possible buffer overflow in libnewt

[Wu Tao <lepton () sina com>]

Hi!
When I am debugging my little program which used 
libnewt,I found a possible buffer overflow in libnewt.
libnewt is widely used by configuration program in 
redhat.Because there is no suid program use libnewt 
in my redhat 6.2 environment,it seems this bug can't 
be used to gain root.But if there is any suid program 
use libnewt,it is dangerous.
The following is my patch for libnewt 0.5.33.
I have mailed the author of libnewt about a week ago,
but I have got no reply.

diff -ur newt-0.50.33/newt.c newt-0.50.33-n/newt.c
--- newt-0.50.33/newt.c Wed Apr  4 03:33:10 2001
+++ newt-0.50.33-n/newt.c       Tue Mar 19 21:41:24 
2002
@@ -331,6 +331,8 @@
        }

        *chptr++ = key;
+       if(chptr-buf>8)
+               break;

        /* this search should use bsearch(), but when 
we only look through
           a list of 20 (or so) keymappings, it's probably 
faster just to