From 3ee1a6fbb0f9f331b831aeda27deb81eec05fcb3 Mon Sep 17 00:00:00 2001 From: shixuantong <1726671442@qq.com> Date: Wed, 9 Mar 2022 17:40:58 +0800 Subject: [PATCH] fix CVE-2022-0685 --- backport-CVE-2022-0685.patch | 85 ++++++++++++++++++++++++++++++++++++ vim.spec | 9 +++- 2 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2022-0685.patch diff --git a/backport-CVE-2022-0685.patch b/backport-CVE-2022-0685.patch new file mode 100644 index 0000000..e8203a5 --- /dev/null +++ b/backport-CVE-2022-0685.patch @@ -0,0 +1,85 @@ +From 5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Sat, 19 Feb 2022 11:20:12 +0000 +Subject: [PATCH] patch 8.2.4418: crash when using special multi-byte character + +Problem: Crash when using special multi-byte character. +Solution: Don't use isalpha() for an arbitrary character. + +Conflict: +upstream patches: ++ call assert_fails('tc űŤŤŤ¦*', 'E344:') +openEuler patches: ++ call assert_fails('tc űŤŤŤ¦*', 'E472:') +--- + src/charset.c | 6 ++++++ + src/filepath.c | 2 +- + src/proto/charset.pro | 2 +- + src/testdir/test_autochdir.vim | 7 +++++++ + 4 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/src/charset.c b/src/charset.c +index a768c17..847a01a 100644 +--- a/src/charset.c ++++ b/src/charset.c +@@ -1654,6 +1654,12 @@ vim_isupper(int c) + return isupper(c); + } + ++ int ++vim_isalpha(int c) ++{ ++ return vim_islower(c) || vim_isupper(c); ++} ++ + int + vim_toupper(int c) + { +diff --git a/src/filepath.c b/src/filepath.c +index 01d2dcb..c7f0265 100644 +--- a/src/filepath.c ++++ b/src/filepath.c +@@ -3300,7 +3300,7 @@ unix_expandpath( + else if (path_end >= path + wildoff + && (vim_strchr((char_u *)"*?[{~$", *path_end) != NULL + || (!p_fic && (flags & EW_ICASE) +- && isalpha(PTR2CHAR(path_end))))) ++ && vim_isalpha(PTR2CHAR(path_end))))) + e = p; + if (has_mbyte) + { +diff --git a/src/proto/charset.pro b/src/proto/charset.pro +index c582a8c..2a928e3 100644 +--- a/src/proto/charset.pro ++++ b/src/proto/charset.pro +@@ -47,6 +47,7 @@ int vim_isxdigit(int c); + int vim_isbdigit(int c); + int vim_islower(int c); + int vim_isupper(int c); ++int vim_isalpha(int c); + int vim_toupper(int c); + int vim_tolower(int c); + char_u *skiptowhite(char_u *p); +@@ -59,5 +60,4 @@ int hexhex2nr(char_u *p); + int rem_backslash(char_u *str); + void backslash_halve(char_u *p); + char_u *backslash_halve_save(char_u *p); +-void ebcdic2ascii(char_u *buffer, int len); + /* vim: set ft=c : */ +diff --git a/src/testdir/test_autochdir.vim b/src/testdir/test_autochdir.vim +index 1473854..99fc9ae 100644 +--- a/src/testdir/test_autochdir.vim ++++ b/src/testdir/test_autochdir.vim +@@ -24,3 +24,10 @@ func Test_set_filename() + call chdir(cwd) + call delete('samples/Xtest') + endfunc ++ ++func Test_multibyte() ++ " using an invalid character should not cause a crash ++ set wic ++ call assert_fails('tc űŤŤŤ¦*', 'E472:') ++ set nowic ++endfunc +-- +2.27.0 diff --git a/vim.spec b/vim.spec index a26e679..fc1e077 100644 --- a/vim.spec +++ b/vim.spec @@ -12,7 +12,7 @@ Name: vim Epoch: 2 Version: 8.2 -Release: 29 +Release: 30 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim and MIT URL: http://www.vim.org @@ -91,6 +91,7 @@ Patch6054: backport-CVE-2022-0572.patch Patch6055: backport-CVE-2022-0629.patch Patch6056: backport-CVE-2022-0714.patch Patch6057: backport-CVE-2022-0729.patch +Patch6058: backport-CVE-2022-0685.patch Patch9000: bugfix-rm-modify-info-version.patch @@ -479,6 +480,12 @@ popd %{_mandir}/man1/evim.* %changelog +* Wed Mar 09 2022 shixuantong - 2:8.2-30 +- Type:CVE +- ID:CVE-2022-0685 +- SUG:NA +- DESC:fix CVE-2022-0685 + * Sat Mar 05 2022 yuanxin - 2:8.2-29 - Type:CVE - ID:CVE-2022-0714 CVE-2022-0729 -- Gitee