From 0c719448e209e2c2234fa84724e889833f08c32f Mon Sep 17 00:00:00 2001
From: Funda Wang
Date: Sat, 24 Aug 2024 08:14:16 +0800
Subject: [PATCH] fix CVE-2024-43790

---
 backport-CVE-2024-43790.patch | 31 +++++++++++++++++++++++++++++++
 vim.spec | 9 ++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-43790.patch

diff --git a/backport-CVE-2024-43790.patch b/backport-CVE-2024-43790.patch
new file mode 100644
index 0000000..bd98c1d
--- /dev/null
+++ b/backport-CVE-2024-43790.patch
@@ -0,0 +1,31 @@
+From cacb6693c10bb19f28a50eca47bc4bc33eccbae3 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt
+Date: Thu, 22 Aug 2024 21:40:14 +0200
+Subject: [PATCH] patch 9.1.0689: [security]: buffer-overflow in do_search()
+ with 'rightleft'
+
+Problem: buffer-overflow in do_search() with 'rightleft'
+ (SuyueGuo)
+Solution: after reversing the text (which allocates a new buffer),
+ re-calculate the text length
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm
+
+Signed-off-by: Christian Brabandt
+---
+ src/search.c | 1 +
+ 1 files changed, 1 insertions(+)
+
+diff --git a/src/search.c b/src/search.c
+index 01c143f69bec7..e5936d8294129 100644
+--- a/src/search.c
++++ b/src/search.c
+@@ -1548,6 +1548,7 @@ do_search(
+ {
+ vim_free(msgbuf);
+ msgbuf = r;
++ msgbuflen = STRLEN(msgbuf);
+ // move reversed text to beginning of buffer
+ while (*r != NUL && *r == ' ')
+ r++;
diff --git a/vim.spec b/vim.spec
index e6c6980..f7ee6a5 100644
--- a/vim.spec
+++ b/vim.spec
@@ -14,7 +14,7 @@ Name: vim
 Epoch: 2
 Version: %{baseversion}.%{patchlevel}
-Release: 10
+Release: 11
 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License: Vim and MIT
 URL: http://www.vim.org
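Review bot: The backported patch carries only the one-line `msgbuflen = STRLEN(msgbuf);` change in src/search.c, and its nested diffstat lists a single file, so it is worth confirming whether the upstream 9.1.0689 commit also shipped a regression test under src/testdir that was dropped here; the spec's %check stage runs `LC_ALL=en_US.UTF-8 make -j1 test`, so a carried test would actually exercise the fix on this 9.0.2092 build. The surrounding context lines (`vim_free(msgbuf);`, `msgbuf = r;`) are taken from a 9.1 tree, so check that they match 9.0.2092's do_search() and that the recomputed length lands immediately after the buffer swap rather than being placed by fuzz before the old buffer is freed. The enclosing do_search() body starts and ends outside the hunk.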
@@ -49,6 +49,7 @@ Patch6014: backport-CVE-2024-41965.patch Patch6015: backport-patch-9.1.0554-bw-leaves-jumplist-and-tagstack-data-.patch Patch6016: backport-CVE-2024-41957.patch Patch6017: backport-CVE-2024-43374.patch +Patch6018: backport-CVE-2024-43790.patch Patch9000: bugfix-rm-modify-info-version.patch @@ -456,6 +457,12 @@ LC_ALL=en_US.UTF-8 make -j1 test || echo "Warning: Please check tests." %{_mandir}/man1/evim.* %changelog +* Sat Aug 24 2024 Funda Wang - 2:9.0.2092-11 +- Type:CVE +- ID:CVE-2024-43790 +- SUG:NA +- DESC:fix CVE-2024-43790 + * Wed Aug 21 2024 Funda Wang - 2:9.0.2092-10 - Type:enhacement - ID:NA -- Gitee