!175 [sync] PR-171: fix CVE-2022-0685

From: @openeuler-sync-bot Reviewed-by: @overweight Signed-off-by: @overweight
2022-03-10 01:49:53 +00:00 · 2022-03-10 01:49:53 +00:00 · 9643662e71
commit 9643662e71
parent f07c07db8b e56a92f14f
2 changed files with 93 additions and 1 deletions
--- a/backport-CVE-2022-0685.patch
+++ b/backport-CVE-2022-0685.patch
@ -0,0 +1,85 @@
+From 5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Sat, 19 Feb 2022 11:20:12 +0000
+Subject: [PATCH] patch 8.2.4418: crash when using special multi-byte character
+
+Problem:    Crash when using special multi-byte character.
+Solution:   Don't use isalpha() for an arbitrary character.
+
+Conflict:
+upstream patches:
+  call assert_fails('tc űŤŤŤ¦*', 'E344:')
+openEuler patches:
+  call assert_fails('tc űŤŤŤ¦*', 'E472:')
+---
+ src/charset.c                  | 6 ++++++
+ src/filepath.c                 | 2 +-
+ src/proto/charset.pro          | 2 +-
+ src/testdir/test_autochdir.vim | 7 +++++++
+ 4 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/src/charset.c b/src/charset.c
+index a768c17..847a01a 100644
+--- a/src/charset.c
+++ b/src/charset.c
+@@ -1654,6 +1654,12 @@ vim_isupper(int c)
+     return isupper(c);
+ }
+ 
+    int
+vim_isalpha(int c)
+{
+    return vim_islower(c) || vim_isupper(c);
+}
+
+     int
+ vim_toupper(int c)
+ {
+diff --git a/src/filepath.c b/src/filepath.c
+index 01d2dcb..c7f0265 100644
+--- a/src/filepath.c
+++ b/src/filepath.c
+@@ -3300,7 +3300,7 @@ unix_expandpath(
+ 	else if (path_end >= path + wildoff
+ 			 && (vim_strchr((char_u *)"*?[{~$", *path_end) != NULL
+ 			     || (!p_fic && (flags & EW_ICASE)
+-					     && isalpha(PTR2CHAR(path_end)))))
+					  && vim_isalpha(PTR2CHAR(path_end)))))
+ 	    e = p;
+ 	if (has_mbyte)
+ 	{
+diff --git a/src/proto/charset.pro b/src/proto/charset.pro
+index c582a8c..2a928e3 100644
+--- a/src/proto/charset.pro
+++ b/src/proto/charset.pro
+@@ -47,6 +47,7 @@ int vim_isxdigit(int c);
+ int vim_isbdigit(int c);
+ int vim_islower(int c);
+ int vim_isupper(int c);
+int vim_isalpha(int c);
+ int vim_toupper(int c);
+ int vim_tolower(int c);
+ char_u *skiptowhite(char_u *p);
+@@ -59,5 +60,4 @@ int hexhex2nr(char_u *p);
+ int rem_backslash(char_u *str);
+ void backslash_halve(char_u *p);
+ char_u *backslash_halve_save(char_u *p);
+-void ebcdic2ascii(char_u *buffer, int len);
+ /* vim: set ft=c : */
+diff --git a/src/testdir/test_autochdir.vim b/src/testdir/test_autochdir.vim
+index 1473854..99fc9ae 100644
+--- a/src/testdir/test_autochdir.vim
+++ b/src/testdir/test_autochdir.vim
+@@ -24,3 +24,10 @@ func Test_set_filename()
+   call chdir(cwd)
+   call delete('samples/Xtest')
+ endfunc
+
+func Test_multibyte()
+  " using an invalid character should not cause a crash
+  set wic
+  call assert_fails('tc űŤŤŤ¦*', 'E472:')
+  set nowic
+endfunc
+-- 
+2.27.0
--- a/vim.spec
+++ b/vim.spec
@ -12,7 +12,7 @@
 Name:           vim
 Epoch:          2
 Version:        8.2
-Release:        25
+Release:        26
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@ -87,6 +87,7 @@ Patch6050:      backport-crash-when-pasting-too-many-times.patch
 Patch6051:      backport-CVE-2022-0572.patch
 Patch6052:      backport-CVE-2022-0714.patch
 Patch6053:      backport-CVE-2022-0729.patch
+Patch6054:      backport-CVE-2022-0685.patch

 Patch9000:      bugfix-rm-modify-info-version.patch

@ -475,6 +476,12 @@ popd
 %{_mandir}/man1/evim.*

 %changelog
+* Wed Mar 09 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-26
+- Type:CVE
+- ID:CVE-2022-0685
+- SUG:NA
+- DESC:fix CVE-2022-0685
+
 * Sat Mar 05 2022 yuanxin <yuanxin24@h-partners.com> - 2:8.2-25
 - Type:CVE
 - ID:fix CVE-2022-0714 CVE-2022-0729