fix CVE-2021-4069
This commit is contained in:
renmingshuai
parent
29a19d0fc8
commit
b9e78b46c4
56
backport-CVE-2021-4069.patch
Normal file
56
backport-CVE-2021-4069.patch
Normal file
@ -0,0 +1,56 @@
|
||||
From e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 Mon Sep 17 00:00:00 2001
|
||||
From: Bram Moolenaar <Bram@vim.org>
|
||||
Date: Sun, 5 Dec 2021 12:06:24 +0000
|
||||
Subject: [PATCH] patch 8.2.3741: using freed memory in open command
|
||||
|
||||
Problem: Using freed memory in open command.
|
||||
Solution: Make a copy of the current line.
|
||||
|
||||
Reference:https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9
|
||||
Conflict:src/testdir/test_ex_mode.vim, The current version does not exist and therefore does not fit into this test case
|
||||
---
|
||||
src/ex_docmd.c | 10 +++++++---
|
||||
src/version.c | 2 ++
|
||||
2 files changed, 9 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/ex_docmd.c b/src/ex_docmd.c
|
||||
index 203174a..cb6b64a 100644
|
||||
--- a/src/ex_docmd.c
|
||||
+++ b/src/ex_docmd.c
|
||||
@@ -6030,13 +6030,17 @@ ex_open(exarg_T *eap)
|
||||
regmatch.regprog = vim_regcomp(eap->arg, p_magic ? RE_MAGIC : 0);
|
||||
if (regmatch.regprog != NULL)
|
||||
{
|
||||
+ // make a copy of the line, when searching for a mark it might be
|
||||
+ // flushed
|
||||
+ char_u *line = vim_strsave(ml_get_curline());
|
||||
+
|
||||
regmatch.rm_ic = p_ic;
|
||||
- p = ml_get_curline();
|
||||
- if (vim_regexec(®match, p, (colnr_T)0))
|
||||
- curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - p);
|
||||
+ if (vim_regexec(®match, line, (colnr_T)0))
|
||||
+ curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - line);
|
||||
else
|
||||
emsg(_(e_nomatch));
|
||||
vim_regfree(regmatch.regprog);
|
||||
+ vim_free(line);
|
||||
}
|
||||
// Move to the NUL, ignore any other arguments.
|
||||
eap->arg += STRLEN(eap->arg);
|
||||
diff --git a/src/version.c b/src/version.c
|
||||
index 035c46f..bd45631 100644
|
||||
--- a/src/version.c
|
||||
+++ b/src/version.c
|
||||
@@ -742,6 +742,8 @@ static char *(features[]) =
|
||||
|
||||
static int included_patches[] =
|
||||
{ /* Add new patch number below this line */
|
||||
+/**/
|
||||
+ 3741,
|
||||
/**/
|
||||
3403,
|
||||
/**/
|
||||
--
|
||||
2.27.0
|
||||
|
||||
9
vim.spec
9
vim.spec
@ -12,7 +12,7 @@
|
||||
Name: vim
|
||||
Epoch: 2
|
||||
Version: 8.2
|
||||
Release: 18
|
||||
Release: 19
|
||||
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
|
||||
License: Vim and MIT
|
||||
URL: http://www.vim.org
|
||||
@ -56,6 +56,7 @@ Patch6018: backport-find-test-fails.patch
|
||||
Patch6019: backport-no-early-check-if-find-and-sfind-have-an-argument.patch
|
||||
Patch6020: backport-CVE-2021-3984.patch
|
||||
Patch6021: backport-CVE-2021-4019.patch
|
||||
Patch6022: backport-CVE-2021-4069.patch
|
||||
|
||||
Patch9000: bugfix-rm-modify-info-version.patch
|
||||
|
||||
@ -444,6 +445,12 @@ popd
|
||||
%{_mandir}/man1/evim.*
|
||||
|
||||
%changelog
|
||||
* Sat Dec 11 2021 yuanxin<yuanxin24@huawei.com> - 2:8.2-19
|
||||
- Type:CVE
|
||||
- ID:CVE-2021-4069
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2021-4069
|
||||
|
||||
* Tue Dec 07 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-18
|
||||
- Type:CVE
|
||||
- ID:CVE-2021-4019
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user