packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2022-1720,CVE-2022-2183

Browse Source 
(cherry picked from commit 150891f3b3193206262db2aea3a63f7690976916)
This commit is contained in:
rwx403335 2022-07-05 16:31:19 +08:00 committed by openeuler-sync-bot
parent 4c51b4276d
commit 88264a8e74
3 changed files with 134 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
backport-CVE-2022-1720.patch Normal file
View File

@ -0,0 +1,66 @@
From 395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sat, 14 May 2022 21:29:44 +0100
Subject: [PATCH] patch 8.2.4956: reading past end of line with "gf" in Visual
block mode
Problem: Reading past end of line with "gf" in Visual block mode.
Solution: Do not include the NUL in the length.
---
src/normal.c | 13 ++++++++++---
src/testdir/test_gf.vim | 15 +++++++++++++++
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/src/normal.c b/src/normal.c
index d33a56a..898c836 100644
--- a/src/normal.c
+++ b/src/normal.c
@@ -3791,9 +3791,16 @@ get_visual_text(
}
if (**pp == NUL)
*lenp = 0;
- if (has_mbyte && *lenp > 0)
- // Correct the length to include all bytes of the last character.
- *lenp += (*mb_ptr2len)(*pp + (*lenp - 1)) - 1;
+ if (*lenp > 0)
+ {
+ if (has_mbyte)
+ // Correct the length to include all bytes of the last
+ // character.
+ *lenp += (*mb_ptr2len)(*pp + (*lenp - 1)) - 1;
+ else if ((*pp)[*lenp - 1] == NUL)
+ // Do not include a trailing NUL.
+ *lenp -= 1;
+ }
}
reset_VIsual_and_resel();
return OK;
diff --git a/src/testdir/test_gf.vim b/src/testdir/test_gf.vim
index d301874..596f3e8 100644
--- a/src/testdir/test_gf.vim
+++ b/src/testdir/test_gf.vim
@@ -106,6 +106,21 @@ func Test_gf_visual()
call setline(1, 'XXXtest_gf_visualXXX')
set hidden
+ " do not include the NUL at the end
+ call writefile(['x'], 'X')
+ let save_enc = &enc
+ for enc in ['latin1', 'utf-8']
+ exe "set enc=" .. enc
+ new
+ call setline(1, 'X')
+ set nomodified
+ exe "normal \<C-V>$gf"
+ call assert_equal('X', bufname())
+ bwipe!
+ endfor
+ let &enc = save_enc
+ call delete('X')
+
" Visually select Xtest_gf_visual and use gf to go to that file
norm! ttvtXgf
call assert_equal('Xtest_gf_visual', bufname('%'))
--
1.8.3.1

59
backport-CVE-2022-2183.patch Normal file
View File

@ -0,0 +1,59 @@
From 8eba2bd291b347e3008aa9e565652d51ad638cfa Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 22 Jun 2022 19:59:28 +0100
Subject: [PATCH] patch 8.2.5151: reading beyond the end of the line with lisp
indenting
Problem: Reading beyond the end of the line with lisp indenting.
Solution: Avoid going over the NUL at the end of the line.
---
src/indent.c | 7 +++++--
src/testdir/test_lispwords.vim | 12 +++++++++++-
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/indent.c b/src/indent.c
index 2d07e2e..a58d6ea 100644
--- a/src/indent.c
+++ b/src/indent.c
@@ -1967,8 +1967,11 @@ get_lisp_indent(void)
amount += 2;
else
{
- that++;
- amount++;
+ if (*that != NUL)
+ {
+ that++;
+ amount++;
+ }
firsttry = amount;
while (VIM_ISWHITE(*that))
diff --git a/src/testdir/test_lispwords.vim b/src/testdir/test_lispwords.vim
index ff710b2..4144fb0 100644
--- a/src/testdir/test_lispwords.vim
+++ b/src/testdir/test_lispwords.vim
@@ -1,4 +1,5 @@
-" Tests for 'lispwords' settings being global-local
+" Tests for 'lispwords' settings being global-local.
+" And other lisp indent stuff.
set nocompatible viminfo+=nviminfo
@@ -85,4 +86,13 @@ func Test_lisp_indent()
set nolisp
endfunc
+func Test_lisp_indent_works()
+ " This was reading beyond the end of the line
+ new
+ exe "norm a\tü(\<CR>="
+ set lisp
+ norm ==
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.27.0

10
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim Name: vim
Epoch: 2 Epoch: 2
Version: 8.2 Version: 8.2
Release: 47 Release: 48
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT License: Vim and MIT
URL: http://www.vim.org URL: http://www.vim.org
@ -133,6 +133,8 @@ Patch6096: backport-patch-8.2.0358-insufficient-testing-for-indent.c.patch
Patch6097: backport-CVE-2022-2125.patch Patch6097: backport-CVE-2022-2125.patch
Patch6098: backport-CVE-2022-2206.patch Patch6098: backport-CVE-2022-2206.patch
Patch6099: backport-patch-8.2.5161-might-still-access-invalid-memory.patch Patch6099: backport-patch-8.2.5161-might-still-access-invalid-memory.patch
Patch6100: backport-CVE-2022-1720.patch
Patch6101: backport-CVE-2022-2183.patch
Patch9000: bugfix-rm-modify-info-version.patch Patch9000: bugfix-rm-modify-info-version.patch
@ -521,6 +523,12 @@ popd
%{_mandir}/man1/evim.* %{_mandir}/man1/evim.*
%changelog %changelog
* Tue Jul 05 2022 renhongxun <renhongxun@h-partners.com> - 2:8.2-48
- Type:CVE
- ID:CVE-2022-1720,CVE-2022-2183
- SUG:NA
- DESC:fix CVE-2022-1720,CVE-2022-2183
* Tue Jul 05 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-47 * Tue Jul 05 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-47
- Type:CVE - Type:CVE
- ID:CVE-2022-2125,CVE-2022-2206 - ID:CVE-2022-2125,CVE-2022-2206