diff --git a/backport-CVE-2022-0123.patch b/backport-CVE-2022-0123.patch new file mode 100644 index 0000000000000000000000000000000000000000..0324ad85f22d2fa4f0929585a583406dada0f7cc --- /dev/null +++ b/backport-CVE-2022-0123.patch @@ -0,0 +1,62 @@ +From de05bb25733c3319e18dca44e9b59c6ee389eb26 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Thu, 13 Jan 2022 13:08:14 +0000 +Subject: [PATCH] patch 8.2.4074: going over the end of NameBuff + +Problem: Going over the end of NameBuff. +Solution: Check length when appending a space. + +--- + src/drawscreen.c | 9 +++++---- + src/testdir/test_edit.vim | 15 +++++++++++++++ + src/version.c | 2 ++ + 3 files changed, 22 insertions(+), 4 deletions(-) + +diff --git a/src/drawscreen.c b/src/drawscreen.c +index 9acb705..7425ad4 100644 +--- a/src/drawscreen.c ++++ b/src/drawscreen.c +@@ -437,12 +437,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) + p = NameBuff; + len = (int)STRLEN(p); + +- if (bt_help(wp->w_buffer) ++ if ((bt_help(wp->w_buffer) + #ifdef FEAT_QUICKFIX +- || wp->w_p_pvw ++ || wp->w_p_pvw + #endif +- || bufIsChanged(wp->w_buffer) +- || wp->w_buffer->b_p_ro) ++ || bufIsChanged(wp->w_buffer) ++ || wp->w_buffer->b_p_ro) ++ && len < MAXPATHL - 1) + *(p + len++) = ' '; + if (bt_help(wp->w_buffer)) + { +diff --git a/src/testdir/test_edit.vim b/src/testdir/test_edit.vim +index c3b1af5..48e6ff2 100644 +--- a/src/testdir/test_edit.vim ++++ b/src/testdir/test_edit.vim +@@ -1532,3 +1532,18 @@ func Test_edit_put_CTRL_E() + set encoding=utf-8 + endfunc + ++" Weird long file name was going over the end of NameBuff ++func Test_edit_overlong_file_name() ++ CheckUnix ++ ++ file 0000000000000000000000000000 ++ file %%%%%%%%%%%%%%%%%%%%%%%%%% ++ file %%%%%% ++ set readonly ++ set ls=2 ++ ++ redraw! ++ set noreadonly ls& ++ bwipe! ++endfunc ++ +-- +2.23.0 + diff --git a/vim.spec b/vim.spec index 95eb34229b5206c9cf108ff306f501f6d9f5365c..c634bb7090552b4e3fa02e871388a43fac6a3f81 100644 --- a/vim.spec +++ b/vim.spec @@ -11,7 +11,7 @@ Name: vim Epoch: 2 Version: 8.2 -Release: 11 +Release: 12 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim and MIT URL: http://www.vim.org @@ -54,6 +54,7 @@ Patch6020: backport-CVE-2021-4166.patch Patch6021: backport-fix-arglist-test-fails.patch Patch6022: backport-CVE-2021-4192.patch Patch6023: backport-CVE-2021-4193.patch +Patch6024: backport-CVE-2022-0123.patch Patch9000: bugfix-rm-modify-info-version.patch @@ -442,6 +443,12 @@ popd %{_mandir}/man1/evim.* %changelog +* Thu Jan 20 2022 guozhaorui - 2:8.2-12 +- Type:CVE +- ID:CVE-2022-0123 +- SUG:NA +- DESC:fix CVE-2022-0123 + * Mon Jan 17 2022 yuanxin - 2:8.2-11 - Type:CVE - ID:CVE-2021-4166 CVE-2021-4192 CVE-2021-4193