packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!79 [sync] PR-78: fix CVE-2021-4019

Browse Source 
From: @openeuler-sync-bot
Reviewed-by: @xiezhipeng1
Signed-off-by: @xiezhipeng1
This commit is contained in:
openeuler-ci-bot 2021-12-08 03:09:58 +00:00 committed by Gitee
commit 8580dc78c7
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
backport-CVE-2021-4019.patch Normal file
View File

@ -0,0 +1,45 @@
From bd228fd097b41a798f90944b5d1245eddd484142 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Thu, 25 Nov 2021 10:50:12 +0000
Subject: [PATCH] patch 8.2.3669: buffer overflow with long help argument
Problem: Buffer overflow with long help argument.
Solution: Use snprintf().
---
src/ex_cmds.c | 3 +--
src/testdir/test_help.vim | 8 ++++++++
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index 45c733b..8f6444f 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -5436,8 +5436,7 @@ find_help_tags(
|| (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
&& arg[2] != NUL)))
{
- STRCPY(d, "/\\\\");
- STRCPY(d + 3, arg + 1);
+ vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
// Check for "/\\_$", should be "/\\_\$"
if (d[3] == '_' && d[4] == '$')
STRCPY(d + 4, "\\$");
diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
index 5dd937a..c2aeb1f 100644
--- a/src/testdir/test_help.vim
+++ b/src/testdir/test_help.vim
@@ -55,3 +55,11 @@ func Test_help_local_additions()
call delete('Xruntime', 'rf')
let &rtp = rtp_save
endfunc
+
+func Test_help_long_argument()
+ try
+ exe 'help \%' .. repeat('0', 1021)
+ catch
+ call assert_match("E149:", v:exception)
+ endtry
+endfunc
--
1.8.3.1

9
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim Name: vim
Epoch: 2 Epoch: 2
Version: 8.2 Version: 8.2
Release: 16 Release: 17
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT License: Vim and MIT
URL: http://www.vim.org URL: http://www.vim.org
@ -50,6 +50,7 @@ Patch6012: backport-CVE-2021-3974.patch
Patch6013: backport-find-test-fails.patch Patch6013: backport-find-test-fails.patch
Patch6014: backport-no-early-check-if-find-and-sfind-have-an-argument.patch Patch6014: backport-no-early-check-if-find-and-sfind-have-an-argument.patch
Patch6015: backport-CVE-2021-3984.patch Patch6015: backport-CVE-2021-3984.patch
Patch6016: backport-CVE-2021-4019.patch
Patch9000: bugfix-rm-modify-info-version.patch Patch9000: bugfix-rm-modify-info-version.patch
@ -438,6 +439,12 @@ popd
%{_mandir}/man1/evim.* %{_mandir}/man1/evim.*
%changelog %changelog
* Tue Dec 07 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-17
- Type:CVE
- ID:CVE-2021-4019
- SUG:NA
- DESC:fix CVE-2021-4019
* Sat Dec 04 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-16 * Sat Dec 04 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-16
- Type:CVE - Type:CVE
- ID:CVE-2021-3984 - ID:CVE-2021-3984