packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!654 [sync] PR-651: fix CVE-2024-43802

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @gaoruoshu 
Signed-off-by: @gaoruoshu
This commit is contained in:
openeuler-ci-bot 2024-09-02 10:55:41 +00:00 committed by Gitee
commit 7670ef8265
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
backport-CVE-2024-43802.patch Normal file
View File

@ -0,0 +1,45 @@
From 322ba9108612bead5eb7731ccb66763dec69ef1b Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Sun, 25 Aug 2024 21:33:03 +0200
Subject: [PATCH] patch 9.1.0697: [security]: heap-buffer-overflow in
ins_typebuf
Problem: heap-buffer-overflow in ins_typebuf
(SuyueGuo)
Solution: When flushing the typeahead buffer, validate that there
is enough space left
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
src/getchar.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/getchar.c b/src/getchar.c
index 29323fa328bd1..96e180f4ae1a9 100644
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -438,9 +438,18 @@ flush_buffers(flush_buffers_T flush_typeahead)
if (flush_typeahead == FLUSH_MINIMAL)
{
- // remove mapped characters at the start only
- typebuf.tb_off += typebuf.tb_maplen;
- typebuf.tb_len -= typebuf.tb_maplen;
+ // remove mapped characters at the start only,
+ // but only when enough space left in typebuf
+ if (typebuf.tb_off + typebuf.tb_maplen >= typebuf.tb_buflen)
+ {
+ typebuf.tb_off = MAXMAPLEN;
+ typebuf.tb_len = 0;
+ }
+ else
+ {
+ typebuf.tb_off += typebuf.tb_maplen;
+ typebuf.tb_len -= typebuf.tb_maplen;
+ }
#if defined(FEAT_CLIENTSERVER) || defined(FEAT_EVAL)
if (typebuf.tb_len == 0)
typebuf_was_filled = FALSE;

9
vim.spec
View File

@ -14,7 +14,7 @@
Name: vim
Epoch: 2
Version: %{baseversion}.%{patchlevel}
Release: 10
Release: 11
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT
URL: http://www.vim.org
@ -49,6 +49,7 @@ Patch6014: backport-CVE-2024-41965.patch
Patch6015: backport-patch-9.1.0554-bw-leaves-jumplist-and-tagstack-data-.patch
Patch6016: backport-CVE-2024-41957.patch
Patch6017: backport-CVE-2024-43374.patch
Patch6018: backport-CVE-2024-43802.patch
Patch9000: bugfix-rm-modify-info-version.patch
@ -456,6 +457,12 @@ LC_ALL=en_US.UTF-8 make -j1 test || echo "Warning: Please check tests."
%{_mandir}/man1/evim.*
%changelog
* Thu Aug 29 2024 wangjiang <app@cameyan.com> - 2:9.0.2092-11
- Type:CVE
- ID:CVE-2024-43802
- SUG:NA
- DESC:fix CVE-2024-43802
* Wed Aug 21 2024 Funda Wang <fundawang@yeah.net> - 2:9.0.2092-10
- Type:enhacement
- ID:NA