Fix CVE-2022-2175
(cherry picked from commit f2b7e60f2f439b69cc05646c60c86b6c00780e19)
This commit is contained in:
rwx403335
openeuler-sync-bot
parent
e9c9bbcb46
commit
f897b93c30
68
backport-CVE-2022-2175.patch
Normal file
68
backport-CVE-2022-2175.patch
Normal file
@ -0,0 +1,68 @@
|
||||
From 6046aded8da002b08d380db29de2ba0268b6616e Mon Sep 17 00:00:00 2001
|
||||
From: Bram Moolenaar <Bram@vim.org>
|
||||
Date: Wed, 22 Jun 2022 13:51:54 +0100
|
||||
Subject: [PATCH] patch 8.2.5148: invalid memory access when using expression
|
||||
on command line
|
||||
|
||||
Problem: Invalid memory access when using an expression on the command line.
|
||||
Solution: Make sure the position does not go negative.
|
||||
---
|
||||
src/ex_getln.c | 6 ++++--
|
||||
src/testdir/test_cmdline.vim | 5 +++++
|
||||
2 files changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/ex_getln.c b/src/ex_getln.c
|
||||
index aa01f80..887b47d 100644
|
||||
--- a/src/ex_getln.c
|
||||
+++ b/src/ex_getln.c
|
||||
@@ -820,6 +820,7 @@ getcmdline_int(
|
||||
cmdline_info_T save_ccline;
|
||||
int did_save_ccline = FALSE;
|
||||
int cmdline_type;
|
||||
+ int save_new_cmdpos;
|
||||
|
||||
// one recursion level deeper
|
||||
++depth;
|
||||
@@ -1757,6 +1758,7 @@ getcmdline_int(
|
||||
goto returncmd; // back to cmd mode
|
||||
|
||||
case Ctrl_R: // insert register
|
||||
+ save_new_cmdpos = new_cmdpos;
|
||||
#ifdef USE_ON_FLY_SCROLL
|
||||
dont_scroll = TRUE; // disallow scrolling here
|
||||
#endif
|
||||
@@ -1774,8 +1776,6 @@ getcmdline_int(
|
||||
#ifdef FEAT_EVAL
|
||||
/*
|
||||
* Insert the result of an expression.
|
||||
- * Need to save the current command line, to be able to enter
|
||||
- * a new one...
|
||||
*/
|
||||
new_cmdpos = -1;
|
||||
if (c == '=')
|
||||
@@ -1816,6 +1816,8 @@ getcmdline_int(
|
||||
}
|
||||
#endif
|
||||
}
|
||||
+ new_cmdpos = save_new_cmdpos;
|
||||
+
|
||||
redrawcmd();
|
||||
goto cmdline_changed;
|
||||
|
||||
diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
|
||||
index 4665c75..2588a0d 100644
|
||||
--- a/src/testdir/test_cmdline.vim
|
||||
+++ b/src/testdir/test_cmdline.vim
|
||||
@@ -925,4 +925,9 @@ func Test_recursive_register()
|
||||
call assert_equal('yes', caught)
|
||||
endfunc
|
||||
|
||||
+" This was making the insert position negative
|
||||
+func Test_cmdline_expr_register()
|
||||
+ exe "sil! norm! ?\<C-\>e0\<C-R>0\<Esc>?\<C-\>e0\<CR>"
|
||||
+endfunc
|
||||
+
|
||||
" vim: shiftwidth=2 sts=2 expandtab
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -0,0 +1,48 @@
|
||||
From 6689df024bce4309ec5884e445738fe07ee4ffcc Mon Sep 17 00:00:00 2001
|
||||
From: Bram Moolenaar <Bram@vim.org>
|
||||
Date: Wed, 22 Jun 2022 18:14:29 +0100
|
||||
Subject: [PATCH] patch 8.2.5149: cannot build without the +eval feature
|
||||
|
||||
Problem: Cannot build without the +eval feature. (Tony Mechelynck)
|
||||
Solution: Add #ifdefs.
|
||||
---
|
||||
src/ex_getln.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/ex_getln.c b/src/ex_getln.c
|
||||
index 887b47d..8383eee 100644
|
||||
--- a/src/ex_getln.c
|
||||
+++ b/src/ex_getln.c
|
||||
@@ -820,7 +820,9 @@ getcmdline_int(
|
||||
cmdline_info_T save_ccline;
|
||||
int did_save_ccline = FALSE;
|
||||
int cmdline_type;
|
||||
+#ifdef FEAT_EVAL
|
||||
int save_new_cmdpos;
|
||||
+#endif
|
||||
|
||||
// one recursion level deeper
|
||||
++depth;
|
||||
@@ -1758,7 +1760,9 @@ getcmdline_int(
|
||||
goto returncmd; // back to cmd mode
|
||||
|
||||
case Ctrl_R: // insert register
|
||||
+#ifdef FEAT_EVAL
|
||||
save_new_cmdpos = new_cmdpos;
|
||||
+#endif
|
||||
#ifdef USE_ON_FLY_SCROLL
|
||||
dont_scroll = TRUE; // disallow scrolling here
|
||||
#endif
|
||||
@@ -1816,7 +1820,9 @@ getcmdline_int(
|
||||
}
|
||||
#endif
|
||||
}
|
||||
+#ifdef FEAT_EVAL
|
||||
new_cmdpos = save_new_cmdpos;
|
||||
+#endif
|
||||
|
||||
redrawcmd();
|
||||
goto cmdline_changed;
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
10
vim.spec
10
vim.spec
@ -12,7 +12,7 @@
|
||||
Name: vim
|
||||
Epoch: 2
|
||||
Version: 8.2
|
||||
Release: 44
|
||||
Release: 45
|
||||
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
|
||||
License: Vim and MIT
|
||||
URL: http://www.vim.org
|
||||
@ -123,6 +123,8 @@ Patch6086: backport-CVE-2022-1897.patch
|
||||
Patch6087: backport-CVE-2022-1968.patch
|
||||
Patch6088: backport-CVE-2022-1771.patch
|
||||
Patch6089: backport-CVE-2022-2124.patch
|
||||
Patch6090: backport-CVE-2022-2175.patch
|
||||
Patch6091: backport-patch-8.2.5149-cannot-build-without-the-eval-feature.patch
|
||||
|
||||
Patch9000: bugfix-rm-modify-info-version.patch
|
||||
|
||||
@ -511,6 +513,12 @@ popd
|
||||
%{_mandir}/man1/evim.*
|
||||
|
||||
%changelog
|
||||
* Tue Jun 28 2022 renhongxun <renhongxun@h-partners.com> - 2:8.2-45
|
||||
- Type:CVE
|
||||
- ID:CVE-2022-2175
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2022-2175
|
||||
|
||||
* Thu Jun 23 2022 liukuo <liukuo@kylinos.cn> - 2:8.2-44
|
||||
- Type:CVE
|
||||
- ID:CVE-2022-2124
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user