1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
From: Markus Koschany <apo@debian.org>
Date: Wed, 19 Oct 2022 19:50:16 +0200
Subject: CVE-2021-4019
Origin: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142
---
src/ex_cmds.c | 3 +--
src/testdir/test_help.vim | 10 ++++++++++
2 files changed, 11 insertions(+), 2 deletions(-)
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -6658,8 +6658,7 @@ find_help_tags(
|| (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
&& arg[2] != NUL)))
{
- STRCPY(d, "/\\\\");
- STRCPY(d + 3, arg + 1);
+ vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
/* Check for "/\\_$", should be "/\\_\$" */
if (d[3] == '_' && d[4] == '$')
STRCPY(d + 4, "\\$");
--- a/src/testdir/test_help.vim
+++ b/src/testdir/test_help.vim
@@ -49,3 +49,13 @@ func Test_help_local_additions()
call delete('Xruntime', 'rf')
let &rtp = rtp_save
endfunc
+
+" CVE-2021-4019
+func Test_help_long_argument()
+ try
+ exe 'help \%' .. repeat('0', 1021)
+ catch
+ call assert_match("E15:", v:exception)
+ endtry
+endfunc
+
|
