unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob 69f93d9afcabf566aa5c35e525156aff47df4056 1131 bytes (raw)
name: gnu/packages/patches/vim-CVE-2017-5953.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

 
Fix CVE-2017-5953:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953
https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY

Patch adapted from upstream source repository:

https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d

From 399c297aa93afe2c0a39e2a1b3f972aebba44c9d Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Thu, 9 Feb 2017 21:07:12 +0100
Subject: [PATCH] patch 8.0.0322: possible overflow with corrupted spell file

Problem:    Possible overflow with spell file where the tree length is
            corrupted.
Solution:   Check for an invalid length (suggested by shqking)
---
 src/spellfile.c | 3 +++
 src/version.c   | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/src/spellfile.c b/src/spellfile.c
index c7d87c6..8b1a3a6 100644
--- a/src/spellfile.c
+++ b/src/spellfile.c
@@ -1595,6 +1595,9 @@ spell_read_tree(
     len = get4c(fd);
     if (len < 0)
 	return SP_TRUNCERROR;
+    if (len >= 0x3ffffff)
+	/* Invalid length, multiply with sizeof(int) would overflow. */
+	return SP_FORMERROR;
     if (len > 0)
     {
 	/* Allocate the byte array. */

debug log:

solving 69f93d9af ...
found 69f93d9af in https://yhetil.org/guix-devel/aa9a30db5b551a43f4ac962b15a5d2dca8fede05.1487025150.git.leo@famulari.name/

applying [1/1] https://yhetil.org/guix-devel/aa9a30db5b551a43f4ac962b15a5d2dca8fede05.1487025150.git.leo@famulari.name/
diff --git a/gnu/packages/patches/vim-CVE-2017-5953.patch b/gnu/packages/patches/vim-CVE-2017-5953.patch
new file mode 100644
index 000000000..69f93d9af

1:36: space before tab in indent.
 	return SP_TRUNCERROR;
1:42: space before tab in indent.
 	/* Allocate the byte array. */
Checking patch gnu/packages/patches/vim-CVE-2017-5953.patch...
Applied patch gnu/packages/patches/vim-CVE-2017-5953.patch cleanly.
warning: 2 lines add whitespace errors.

index at:
100644 69f93d9afcabf566aa5c35e525156aff47df4056	gnu/packages/patches/vim-CVE-2017-5953.patch

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).