diff --git a/backport-CVE-2021-4019.patch b/backport-CVE-2021-4019.patch
new file mode 100644
index 0000000000000000000000000000000000000000..590cdde961210457df365b6c5604567ee6e83982
--- /dev/null
+++ b/backport-CVE-2021-4019.patch
@@ -0,0 +1,45 @@
+From bd228fd097b41a798f90944b5d1245eddd484142 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar
+Date: Thu, 25 Nov 2021 10:50:12 +0000
+Subject: [PATCH] patch 8.2.3669: buffer overflow with long help argument
+
+Problem: Buffer overflow with long help argument.
+Solution: Use snprintf().
+---
+ src/ex_cmds.c | 3 +--
+ src/testdir/test_help.vim | 8 ++++++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/ex_cmds.c b/src/ex_cmds.c
+index 45c733b..8f6444f 100644
+--- a/src/ex_cmds.c
++++ b/src/ex_cmds.c
+@@ -5436,8 +5436,7 @@ find_help_tags(
+ || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
+ && arg[2] != NUL)))
+ {
+- STRCPY(d, "/\\\\");
+- STRCPY(d + 3, arg + 1);
++ vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
+ // Check for "/\\_$", should be "/\\_\$"
+ if (d[3] == '_' && d[4] == '$')
+ STRCPY(d + 4, "\\$");
+diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
+index 5dd937a..c2aeb1f 100644
+--- a/src/testdir/test_help.vim
++++ b/src/testdir/test_help.vim
+@@ -55,3 +55,11 @@ func Test_help_local_additions()
+ call delete('Xruntime', 'rf')
+ let &rtp = rtp_save
+ endfunc
++
++func Test_help_long_argument()
++ try
++ exe 'help \%' .. repeat('0', 1021)
++ catch
++ call assert_match("E149:", v:exception)
++ endtry
++endfunc
+--
+1.8.3.1
+
diff --git a/vim.spec b/vim.spec
index cd6856b7edb65096e5eb7e8292a97ba02ef1f016..84ae3b09c44efc037834f766800f7447d6dca9fc 100644
--- a/vim.spec
+++ b/vim.spec
@@ -12,7 +12,7 @@
 Name: vim
 Epoch: 2
 Version: 8.2
-Release: 17
+Release: 18
 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License: Vim and MIT
 URL: http://www.vim.org
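Review bot: In the `src/ex_cmds.c` hunk carried by backport-CVE-2021-4019.patch, the new `vim_snprintf((char *)d, IOSIZE, ...)` is a correct bound only if `d` points at the start of a buffer of at least IOSIZE bytes, and nothing visible in the hunk establishes that; find_help_tags() begins and ends outside it. This should be confirmed against the 8.2 tree this spec builds and recorded next to the call, for example `// d is the start of an IOSIZE-byte buffer; an over-long argument is truncated here, not rejected`. The `STRCPY(d + 4, "\\$")` that follows stays unbounded, which looks safe only because it writes a short fixed string near the start of that same buffer. In the `src/testdir/test_help.vim` hunk, `Test_help_long_argument()` asserts only inside `catch`, so a run in which `:help` raises nothing checks nothing. A regression would then presumably surface only as a crash or under a memory checker in the package's test run.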
@@ -55,6 +55,7 @@ Patch6017: backport-CVE-2021-3974.patch Patch6018: backport-find-test-fails.patch Patch6019: backport-no-early-check-if-find-and-sfind-have-an-argument.patch Patch6020: backport-CVE-2021-3984.patch +Patch6021: backport-CVE-2021-4019.patch Patch9000: bugfix-rm-modify-info-version.patch @@ -443,6 +444,12 @@ popd %{_mandir}/man1/evim.* %changelog +* Tue Dec 07 2021 shixuantong - 2:8.2-18 +- Type:CVE +- ID:CVE-2021-4019 +- SUG:NA +- DESC:fix CVE-2021-4019 + * Sat Dec 04 2021 shixuantong - 2:8.2-17 - Type:CVE - ID:CVE-2021-3984