diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-08 05:08:16 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-08 05:08:16 +0000 |
| commit | 37406d9074654510ff5ed9362800a23a943d80f4 (patch) | |
| tree | 097a3866b08d2e85a159bf3f8e3a192b161821a8 /debian/patches/CVE-2022-2000.patch | |
| parent | Adding debian version 2:8.1.0875-5+deb10u3. (diff) | |
| download | vim-34fa921a380f0b29ff5ec8b3997d7d8d7a1cbe3e.tar.xz vim-34fa921a380f0b29ff5ec8b3997d7d8d7a1cbe3e.zip | |
Adding debian version 2:8.1.0875-5+deb10u4.debian/2%8.1.0875-5+deb10u4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2022-2000.patch')
| -rw-r--r-- | debian/patches/CVE-2022-2000.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-2000.patch b/debian/patches/CVE-2022-2000.patch new file mode 100644 index 0000000..7f1a1e6 --- /dev/null +++ b/debian/patches/CVE-2022-2000.patch @@ -0,0 +1,65 @@ +From 44a3f3353e0407e9fffee138125a6927d1c9e7e5 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Mon, 6 Jun 2022 15:38:21 +0100 +Subject: [PATCH] patch 8.2.5063: error for a command may go over the end of + IObuff + +Problem: Error for a command may go over the end of IObuff. +Solution: Truncate the message. +--- + src/ex_docmd.c | 12 ++++++++++-- + src/testdir/test_cmdline.vim | 5 +++++ + src/version.c | 2 ++ + 3 files changed, 17 insertions(+), 2 deletions(-) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index cfb40e8d5cfa..634a1bcef566 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -3111,9 +3111,17 @@ parse_cmd_address(exarg_T *eap, char **errormsg, int silent) + static void + append_command(char_u *cmd) + { +- char_u *s = cmd; +- char_u *d; ++ size_t len = STRLEN(IObuff); ++ char_u *s = cmd; ++ char_u *d; + ++ if (len > IOSIZE - 100) ++ { ++ // Not enough space, truncate and put in "...". ++ d = IObuff + IOSIZE - 100; ++ d -= mb_head_off(IObuff, d); ++ STRCPY(d, "..."); ++ } + STRCAT(IObuff, ": "); + d = IObuff + STRLEN(IObuff); + while (*s != NUL && d - IObuff + 5 < IOSIZE) +diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim +index 77965b3f65a3..2289c343e9f8 100644 +--- a/src/testdir/test_cmdline.vim ++++ b/src/testdir/test_cmdline.vim +@@ -657,3 +657,9 @@ + + + set cpo& ++ ++func Test_long_error_message() ++ " the error should be truncated, not overrun IObuff ++ silent! norm Q00000000000000 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ++endfunc ++ +diff --git a/src/version.c b/src/version.c +index 542028606dde..dd585c81afe9 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -791,6 +791,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 5063, + /**/ + 5043, + /**/ |