All of lore.kernel.org
 help / color / mirror / Atom feed
From: Rahul Chauhan <rahulchauhankitps@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Rahul Chauhan <rahulchauhankitps@gmail.com>
Subject: [PATCH 2/2] vim: Security Fix For CVE-2022-1420
Date: Mon,  2 May 2022 18:20:12 +0530	[thread overview]
Message-ID: <20220502125012.11630-2-rahulchauhankitps@gmail.com> (raw)
In-Reply-To: <20220502125012.11630-1-rahulchauhankitps@gmail.com>

CVE: CVE-2022-1420

Signed-off-by: Rahul Chauhan <rahulchauhankitps@gmail.com>
---
 .../vim/files/CVE-2022-1420.patch             | 93 +++++++++++++++++++
 meta/recipes-support/vim/vim.inc              |  1 +
 2 files changed, 94 insertions(+)
 create mode 100644 meta/recipes-support/vim/files/CVE-2022-1420.patch

diff --git a/meta/recipes-support/vim/files/CVE-2022-1420.patch b/meta/recipes-support/vim/files/CVE-2022-1420.patch
new file mode 100644
index 0000000000..2c2e09a9d2
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2022-1420.patch
@@ -0,0 +1,93 @@
+From 6258e29cbdc55c9496baa23462ef77d79a4e08cf Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Sun, 17 Apr 2022 15:06:35 +0100
+Subject: [PATCH] patch 8.2.4774: crash when using a number for lambda name
+
+Problem:    Crash when using a number for lambda name.
+Solution:   Check the type of the lambda reference.
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca]
+CVE-2022-1420
+
+Signed-off-by: Rahul Chauhan <rahulchauhankitps@gmail.com>
+---
+ src/errors.h                |  4 ++++
+ src/eval.c                  | 16 ++++++++++------
+ src/testdir/test_lambda.vim |  4 ++++
+ src/version.c               |  2 ++
+ 4 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/src/errors.h b/src/errors.h
+index 951acabb2..96bba755b 100644
+--- a/src/errors.h
++++ b/src/errors.h
+@@ -3256,3 +3256,7 @@ EXTERN char e_compiling_closure_without_context_str[]
+ EXTERN char e_using_type_not_in_script_context_str[]
+ 	INIT(= N_("E1272: Using type not in a script context: %s"));
+ #endif
++#ifdef FEAT_EVAL
++EXTERN char e_string_or_function_required_for_arrow_parens_expr[]
++       INIT(= N_("E1275: String or function required for ->(expr)"));
++#endif
+diff --git a/src/eval.c b/src/eval.c
+index 2cde64216..5d208a378 100644
+--- a/src/eval.c
++++ b/src/eval.c
+@@ -4094,19 +4094,23 @@ eval_lambda(
+ 	++*arg;
+ 	ret = eval1(arg, rettv, evalarg);
+ 	*arg = skipwhite_and_linebreak(*arg, evalarg);
+-	if (**arg == ')')
++	if (**arg != ')')
+ 	{
+-	    ++*arg;
++	    emsg(_(e_missing_closing_paren));
++	    return FAIL;
+ 	}
+-	else
++	if (rettv->v_type != VAR_STRING && rettv->v_type != VAR_FUNC
++					       && rettv->v_type != VAR_PARTIAL)
+ 	{
+-	    emsg(_(e_missing_closing_paren));
+-	    ret = FAIL;
++	    emsg(_(e_string_or_function_required_for_arrow_parens_expr));
++	    return FAIL;
+ 	}
++	++*arg;
+     }
+     if (ret != OK)
+ 	return FAIL;
+-    else if (**arg != '(')
++
++    if (**arg != '(')
+     {
+ 	if (verbose)
+ 	{
+diff --git a/src/testdir/test_lambda.vim b/src/testdir/test_lambda.vim
+index e6dcb6774..8d06e5973 100644
+--- a/src/testdir/test_lambda.vim
++++ b/src/testdir/test_lambda.vim
+@@ -66,6 +66,10 @@ function Test_lambda_fails()
+   echo assert_fails('echo 10->{a -> a + 2}', 'E107:')
+ 
+   call assert_fails('eval 0->(', "E110: Missing ')'")
++  call assert_fails('eval 0->(3)()', "E1275:")
++  call assert_fails('eval 0->([3])()', "E1275:")
++  call assert_fails('eval 0->({"a": 3})()', "E1275:")
++  call assert_fails('eval 0->(xxx)()', "E121:")
+ endfunc
+ 
+ func Test_not_lamda()
+diff --git a/src/version.c b/src/version.c
+index 38c3e69b6..c7516e3a5 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -750,6 +750,8 @@ static char *(features[]) =
+ 
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
++/**/
++    4774,
+ /**/
+     4763,
+ /**/
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index c78e53007e..05891b07df 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://no-path-adjust.patch \
            file://racefix.patch \
            file://CVE-2022-1381.patch \
+           file://CVE-2022-1420.patch \
            "
 
 PV .= ".4681"
-- 
2.17.1



  reply	other threads:[~2022-05-02 12:50 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-02 12:50 [PATCH 1/2] vim: Security Fix For CVE-2022-1381 Rahul Chauhan
2022-05-02 12:50 ` Rahul Chauhan [this message]
2022-05-03 19:57 ` [OE-core] " Richard Purdie

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220502125012.11630-2-rahulchauhankitps@gmail.com \
    --to=rahulchauhankitps@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.