fix CVE-2021-4019
This commit is contained in:
shixuantong
parent
983fc934fa
commit
3a6936a97e
45
backport-CVE-2021-4019.patch
Normal file
45
backport-CVE-2021-4019.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From bd228fd097b41a798f90944b5d1245eddd484142 Mon Sep 17 00:00:00 2001
|
||||
From: Bram Moolenaar <Bram@vim.org>
|
||||
Date: Thu, 25 Nov 2021 10:50:12 +0000
|
||||
Subject: [PATCH] patch 8.2.3669: buffer overflow with long help argument
|
||||
|
||||
Problem: Buffer overflow with long help argument.
|
||||
Solution: Use snprintf().
|
||||
---
|
||||
src/ex_cmds.c | 3 +--
|
||||
src/testdir/test_help.vim | 8 ++++++++
|
||||
2 files changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
|
||||
index 45c733b..8f6444f 100644
|
||||
--- a/src/ex_cmds.c
|
||||
+++ b/src/ex_cmds.c
|
||||
@@ -5436,8 +5436,7 @@ find_help_tags(
|
||||
|| (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
|
||||
&& arg[2] != NUL)))
|
||||
{
|
||||
- STRCPY(d, "/\\\\");
|
||||
- STRCPY(d + 3, arg + 1);
|
||||
+ vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
|
||||
// Check for "/\\_$", should be "/\\_\$"
|
||||
if (d[3] == '_' && d[4] == '$')
|
||||
STRCPY(d + 4, "\\$");
|
||||
diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
|
||||
index 5dd937a..c2aeb1f 100644
|
||||
--- a/src/testdir/test_help.vim
|
||||
+++ b/src/testdir/test_help.vim
|
||||
@@ -55,3 +55,11 @@ func Test_help_local_additions()
|
||||
call delete('Xruntime', 'rf')
|
||||
let &rtp = rtp_save
|
||||
endfunc
|
||||
+
|
||||
+func Test_help_long_argument()
|
||||
+ try
|
||||
+ exe 'help \%' .. repeat('0', 1021)
|
||||
+ catch
|
||||
+ call assert_match("E149:", v:exception)
|
||||
+ endtry
|
||||
+endfunc
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
9
vim.spec
9
vim.spec
@ -12,7 +12,7 @@
|
||||
Name: vim
|
||||
Epoch: 2
|
||||
Version: 8.2
|
||||
Release: 17
|
||||
Release: 18
|
||||
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
|
||||
License: Vim and MIT
|
||||
URL: http://www.vim.org
|
||||
@ -55,6 +55,7 @@ Patch6017: backport-CVE-2021-3974.patch
|
||||
Patch6018: backport-find-test-fails.patch
|
||||
Patch6019: backport-no-early-check-if-find-and-sfind-have-an-argument.patch
|
||||
Patch6020: backport-CVE-2021-3984.patch
|
||||
Patch6021: backport-CVE-2021-4019.patch
|
||||
|
||||
Patch9000: bugfix-rm-modify-info-version.patch
|
||||
|
||||
@ -443,6 +444,12 @@ popd
|
||||
%{_mandir}/man1/evim.*
|
||||
|
||||
%changelog
|
||||
* Tue Dec 07 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-18
|
||||
- Type:CVE
|
||||
- ID:CVE-2021-4019
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2021-4019
|
||||
|
||||
* Sat Dec 04 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-17
|
||||
- Type:CVE
|
||||
- ID:CVE-2021-3984
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user