Diffstat (limited to 'debian/patches/CVE-2022-1942.patch')
-rw-r--r-- | debian/patches/CVE-2022-1942.patch | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-1942.patch b/debian/patches/CVE-2022-1942.patch
new file mode 100644
index 0000000..e2f5b9c
--- /dev/null
+++ b/debian/patches/CVE-2022-1942.patch
@@ -0,0 +1,122 @@
+From 71223e2db87c2bf3b09aecb46266b56cda26191d Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Mon, 30 May 2022 15:23:09 +0100
+Subject: [PATCH] patch 8.2.5043: can open a cmdline window from a substitute
+ expression
+
+Problem: Can open a cmdline window from a substitute expression.
+Solution: Disallow opening a command line window when text or buffer is
+ locked.
+---
+ src/buffer.c | 7 +------
+ src/ex_getln.c | 19 +++++++++++++++++++
+ src/proto/ex_getln.pro | 5 +++--
+ src/testdir/test_substitute.vim | 25 +++++++++++++++++++++++++
+ src/version.c | 2 ++
+ src/window.c | 5 +----
+ 6 files changed, 51 insertions(+), 12 deletions(-)
+
+Backport: Drop test case, because the expected E565 was only introduced in
+ 8.2.0670 and the testcase does not otherwise fail or issue messages in
+ valgrind.
+
+diff --git a/src/buffer.c b/src/buffer.c
+index efec431c822d..e775398d0294 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -2297,12 +2297,7 @@ buflist_getfile(
+ if (buf == curbuf)
+ return OK;
+
+- if (text_locked())
+- {
+- text_locked_msg();
+- return FAIL;
+- }
+- if (curbuf_locked())
++ if (text_or_buf_locked())
+ return FAIL;
+
+ /* altfpos may be changed by getfile(), get it now */
+diff --git a/src/ex_getln.c b/src/ex_getln.c
+index 9dadfbf2fabe..623bd1d4984a 100644
+--- a/src/ex_getln.c
++++ b/src/ex_getln.c
+@@ -2589,6 +2589,21 @@ get_text_locked_msg(void)
+ return e_secure;
+ }
+
++/*
++ * Check for text, window or buffer locked.
++ * Give an error message and return TRUE if something is locked.
++ */
++ int
++text_or_buf_locked(void)
++{
++ if (text_locked())
++ {
++ text_locked_msg();
++ return TRUE;
++ }
++ return curbuf_locked();
++}
++
+ /*
+ * Check if "curbuf_lock" or "allbuf_lock" is set and return TRUE when it is
+ * and give an error message.
+@@ -7188,6 +7203,10 @@ open_cmdwin(void)
+ int save_KeyTyped;
+ #endif
+
++ /* Can't do this when text or buffer is locked. */
++ if (text_or_buf_locked())
++ return K_IGNORE;
++
+ /* Can't do this recursively. Can't do it when typing a password. */
+ if (cmdwin_type != 0
+ # if defined(FEAT_CRYPT) || defined(FEAT_EVAL)
+diff --git a/src/proto/ex_getln.pro b/src/proto/ex_getln.pro
+index 8c8bd0ebd4cd..bcc310c7dd0e 100644
+--- a/src/proto/ex_getln.pro
++++ b/src/proto/ex_getln.pro
+@@ -5,6 +5,7 @@
+ int text_locked(void);
+ void text_locked_msg(void);
+ char *get_text_locked_msg(void);
++int text_or_buf_locked(void);
+ int curbuf_locked(void);
+ int allbuf_locked(void);
+ char_u *getexline(int c, void *cookie, int indent);
+diff --git a/src/version.c b/src/version.c
+index 18a1fdb41cb6..a15bb3ed8d6a 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -791,6 +791,8 @@ static char *(features[]) =
+
+ static int included_patches[] =
+ { /* Add new patch number below this line */
++/**/
++ 5043,
+ /**/
+ 805,
+ /**/
+diff --git a/src/window.c b/src/window.c
+index f2913d4a76ef..9b5ac97286cd 100644
+--- a/src/window.c
++++ b/src/window.c
+@@ -4173,14 +4173,11 @@ win_goto(win_T *wp)
+ win_T *owp = curwin;
+ #endif
+
+- if (text_locked())
++ if (text_or_buf_locked())
+ {
+ beep_flush();
+- text_locked_msg();
+ return;
+ }
+- if (curbuf_locked())
+- return;
+
+ if (wp->w_buffer != curbuf)
+ reset_VIsual_and_resel(); |
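Review bot: The new guard at the top of open_cmdwin() only closes the hole if text_locked() or curbuf_locked() is actually true while a substitute expression is being evaluated, and that lock is taken outside these hunks, so whether it exists in this older tree cannot be confirmed from the patch. With no test carried, a reduced test that asserts whichever error this version raises in place of E565 would show that `if (text_or_buf_locked()) return K_IGNORE;` is reached. The embedded diffstat still lists src/testdir/test_substitute.vim and 51 insertions, which no longer matches the hunks that follow. In win_goto() the merged check also changes behaviour: a locked buffer now reaches `beep_flush();`, where the old `if (curbuf_locked()) return;` returned silently. The comment on text_or_buf_locked() says "text, window or buffer", but the body calls only text_locked() and curbuf_locked(), so `Check for text or buffer locked.` would match the visible code; open_cmdwin() and win_goto() both continue outside their hunks.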