!203 [sync] PR-201: fix CVE-2022-1616
From: @openeuler-sync-bot Reviewed-by: @overweight Signed-off-by: @overweight
This commit is contained in:
openeuler-ci-bot
Gitee
commit
e2dc053eab
58
backport-CVE-2022-1616.patch
Normal file
58
backport-CVE-2022-1616.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From d88934406c5375d88f8f1b65331c9f0cab68cc6c Mon Sep 17 00:00:00 2001
|
||||
From: Bram Moolenaar <Bram@vim.org>
|
||||
Date: Fri, 6 May 2022 20:38:47 +0100
|
||||
Subject: [PATCH] patch 8.2.4895: buffer overflow with invalid command with
|
||||
composing chars
|
||||
|
||||
Problem: Buffer overflow with invalid command with composing chars.
|
||||
Solution: Check that the whole character fits in the buffer.
|
||||
---
|
||||
src/ex_docmd.c | 4 +++-
|
||||
src/testdir/test_cmdline.vim | 11 +++++++++++
|
||||
2 files changed, 14 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/ex_docmd.c b/src/ex_docmd.c
|
||||
index dfcbf37..f142c46 100644
|
||||
--- a/src/ex_docmd.c
|
||||
+++ b/src/ex_docmd.c
|
||||
@@ -3092,7 +3092,7 @@ append_command(char_u *cmd)
|
||||
|
||||
STRCAT(IObuff, ": ");
|
||||
d = IObuff + STRLEN(IObuff);
|
||||
- while (*s != NUL && d - IObuff < IOSIZE - 7)
|
||||
+ while (*s != NUL && d - IObuff + 5 < IOSIZE)
|
||||
{
|
||||
if (enc_utf8 ? (s[0] == 0xc2 && s[1] == 0xa0) : *s == 0xa0)
|
||||
{
|
||||
@@ -3100,6 +3100,8 @@ append_command(char_u *cmd)
|
||||
STRCPY(d, "<a0>");
|
||||
d += 4;
|
||||
}
|
||||
+ else if (d - IObuff + (*mb_ptr2len)(s) + 1 >= IOSIZE)
|
||||
+ break;
|
||||
else
|
||||
MB_COPY_CHAR(s, d);
|
||||
}
|
||||
diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
|
||||
index 5297951..41a73d2 100644
|
||||
--- a/src/testdir/test_cmdline.vim
|
||||
+++ b/src/testdir/test_cmdline.vim
|
||||
@@ -870,4 +870,15 @@ func Test_cmdwin_cedit()
|
||||
delfunc CmdWinType
|
||||
endfunc
|
||||
|
||||
+" this was going over the end of IObuff
|
||||
+func Test_report_error_with_composing()
|
||||
+ let caught = 'no'
|
||||
+ try
|
||||
+ exe repeat('0', 987) .. "0\xdd\x80\xdd\x80\xdd\x80\xdd\x80"
|
||||
+ catch /E492:/
|
||||
+ let caught = 'yes'
|
||||
+ endtry
|
||||
+ call assert_equal('yes', caught)
|
||||
+endfunc
|
||||
+
|
||||
" vim: shiftwidth=2 sts=2 expandtab
|
||||
--
|
||||
2.27.0
|
||||
|
||||
9
vim.spec
9
vim.spec
@ -12,7 +12,7 @@
|
||||
Name: vim
|
||||
Epoch: 2
|
||||
Version: 8.2
|
||||
Release: 31
|
||||
Release: 32
|
||||
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
|
||||
License: Vim and MIT
|
||||
URL: http://www.vim.org
|
||||
@ -93,6 +93,7 @@ Patch6056: backport-CVE-2022-0554.patch
|
||||
Patch6057: backport-CVE-2022-0943.patch
|
||||
Patch6058: backport-CVE-2021-4069.patch
|
||||
Patch6059: backport-CVE-2022-0629.patch
|
||||
Patch6060: backport-CVE-2022-1616.patch
|
||||
|
||||
Patch9000: bugfix-rm-modify-info-version.patch
|
||||
|
||||
@ -481,6 +482,12 @@ popd
|
||||
%{_mandir}/man1/evim.*
|
||||
|
||||
%changelog
|
||||
* Mon May 09 2022 shangyibin <shangyibin1@h-partners.com> - 2:8.2-32
|
||||
- Type:CVE
|
||||
- ID:CVE-2022-1616
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2022-1616
|
||||
|
||||
* Fri Apr 1 2022 wangjiang <wangjiang37@h-partners.com> - 2:8.2-31
|
||||
- Type:CVE
|
||||
- ID:CVE-2022-0629
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user