packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-4019

Browse Source 
(cherry picked from commit e781a7f3cce40bf6f97bf1d90ea2d49e4c7a9f3e)
This commit is contained in:
shixuantong 2021-12-07 20:42:37 +08:00 committed by openeuler-sync-bot
parent fdcb4922fc
commit d73d02c097
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
backport-CVE-2021-4019.patch Normal file
View File

@ -0,0 +1,45 @@
From bd228fd097b41a798f90944b5d1245eddd484142 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Thu, 25 Nov 2021 10:50:12 +0000
Subject: [PATCH] patch 8.2.3669: buffer overflow with long help argument
Problem: Buffer overflow with long help argument.
Solution: Use snprintf().
---
src/ex_cmds.c | 3 +--
src/testdir/test_help.vim | 8 ++++++++
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index 45c733b..8f6444f 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -5436,8 +5436,7 @@ find_help_tags(
|| (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
&& arg[2] != NUL)))
{
- STRCPY(d, "/\\\\");
- STRCPY(d + 3, arg + 1);
+ vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
// Check for "/\\_$", should be "/\\_\$"
if (d[3] == '_' && d[4] == '$')
STRCPY(d + 4, "\\$");
diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
index 5dd937a..c2aeb1f 100644
--- a/src/testdir/test_help.vim
+++ b/src/testdir/test_help.vim
@@ -55,3 +55,11 @@ func Test_help_local_additions()
call delete('Xruntime', 'rf')
let &rtp = rtp_save
endfunc
+
+func Test_help_long_argument()
+ try
+ exe 'help \%' .. repeat('0', 1021)
+ catch
+ call assert_match("E149:", v:exception)
+ endtry
+endfunc
--
1.8.3.1

9
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim
Epoch: 2
Version: 8.2
Release: 16
Release: 17
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT
URL: http://www.vim.org
@ -50,6 +50,7 @@ Patch6012: backport-CVE-2021-3974.patch
Patch6013: backport-find-test-fails.patch
Patch6014: backport-no-early-check-if-find-and-sfind-have-an-argument.patch
Patch6015: backport-CVE-2021-3984.patch
Patch6016: backport-CVE-2021-4019.patch
Patch9000: bugfix-rm-modify-info-version.patch
@ -438,6 +439,12 @@ popd
%{_mandir}/man1/evim.*
%changelog
* Tue Dec 07 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-17
- Type:CVE
- ID:CVE-2021-4019
- SUG:NA
- DESC:fix CVE-2021-4019
* Sat Dec 04 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-16
- Type:CVE
- ID:CVE-2021-3984