fix CVE-2024-43802
This commit is contained in:
wjiang
parent
a68e2d5dfd
commit
7e5489e767
45
backport-CVE-2024-43802.patch
Normal file
45
backport-CVE-2024-43802.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From 322ba9108612bead5eb7731ccb66763dec69ef1b Mon Sep 17 00:00:00 2001
|
||||
From: Christian Brabandt <cb@256bit.org>
|
||||
Date: Sun, 25 Aug 2024 21:33:03 +0200
|
||||
Subject: [PATCH] patch 9.1.0697: [security]: heap-buffer-overflow in
|
||||
ins_typebuf
|
||||
|
||||
Problem: heap-buffer-overflow in ins_typebuf
|
||||
(SuyueGuo)
|
||||
Solution: When flushing the typeahead buffer, validate that there
|
||||
is enough space left
|
||||
|
||||
Github Advisory:
|
||||
https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh
|
||||
|
||||
Signed-off-by: Christian Brabandt <cb@256bit.org>
|
||||
---
|
||||
src/getchar.c | 15 ++++++++++++---
|
||||
1 files changed, 12 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/getchar.c b/src/getchar.c
|
||||
index 29323fa328bd1..96e180f4ae1a9 100644
|
||||
--- a/src/getchar.c
|
||||
+++ b/src/getchar.c
|
||||
@@ -437,9 +437,18 @@ flush_buffers(flush_buffers_T flush_typeahead)
|
||||
|
||||
if (flush_typeahead == FLUSH_MINIMAL)
|
||||
{
|
||||
- // remove mapped characters at the start only
|
||||
- typebuf.tb_off += typebuf.tb_maplen;
|
||||
- typebuf.tb_len -= typebuf.tb_maplen;
|
||||
+ // remove mapped characters at the start only,
|
||||
+ // but only when enough space left in typebuf
|
||||
+ if (typebuf.tb_off + typebuf.tb_maplen >= typebuf.tb_buflen)
|
||||
+ {
|
||||
+ typebuf.tb_off = MAXMAPLEN;
|
||||
+ typebuf.tb_len = 0;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ typebuf.tb_off += typebuf.tb_maplen;
|
||||
+ typebuf.tb_len -= typebuf.tb_maplen;
|
||||
+ }
|
||||
#if defined(FEAT_CLIENTSERVER) || defined(FEAT_EVAL)
|
||||
if (typebuf.tb_len == 0)
|
||||
typebuf_was_filled = FALSE;
|
||||
9
vim.spec
9
vim.spec
@ -12,7 +12,7 @@
|
||||
Name: vim
|
||||
Epoch: 2
|
||||
Version: 9.0
|
||||
Release: 26
|
||||
Release: 27
|
||||
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
|
||||
License: Vim and MIT
|
||||
URL: http://www.vim.org
|
||||
@ -125,6 +125,7 @@ Patch6095: backport-CVE-2024-41965.patch
|
||||
Patch6096: backport-patch-9.1.0554-bw-leaves-jumplist-and-tagstack-data-.patch
|
||||
Patch6097: backport-CVE-2024-41957.patch
|
||||
Patch6098: backport-CVE-2024-43374.patch
|
||||
Patch6099: backport-CVE-2024-43802.patch
|
||||
|
||||
Patch9000: bugfix-rm-modify-info-version.patch
|
||||
Patch9001: vim-Add-sw64-architecture.patch
|
||||
@ -535,6 +536,12 @@ LANG=en_US.UTF-8 make -j1 test
|
||||
%{_mandir}/man1/evim.*
|
||||
|
||||
%changelog
|
||||
* Thu Aug 29 2024 wangjiang <app@cameyan.com> - 2:9.0-27
|
||||
- Type:CVE
|
||||
- ID:CVE-2024-43802
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2024-43802
|
||||
|
||||
* Wed Aug 21 2024 wangjiang <wangjiang37@h-partners.com> - 2:9.0-26
|
||||
- Type:enhacement
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user