vim: fix CVE-2019-12735

(From OE-Core rev: c7efa41e7fed263413d5f55d5ed5d17e874623a3) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-03-19 13:49:41 +01:00 · 2019-07-26 12:47:24 +08:00
parent 069cfba445
commit 4626a7f6d1
2 changed files with 65 additions and 0 deletions
--- a/meta/recipes-support/vim/files/CVE-2019-12735.patch
+++ b/meta/recipes-support/vim/files/CVE-2019-12735.patch
@@ -0,0 +1,64 @@
+From e8197acdd091881fdbf9ed6ca8318f3c96465f0a Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 22 May 2019 22:38:25 +0200
+Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox
+
+Problem:    Source command doesn't check for the sandbox. (Armin Razmjou)
+Solution:   Check for the sandbox when sourcing a file.
+
+Upstream-Status: Backport
+CVE: CVE-2019-12735
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ src/getchar.c               | 6 ++++++
+ src/testdir/test_source.vim | 9 +++++++++
+ src/version.c               | 2 ++
+ 3 files changed, 17 insertions(+)
+
+diff --git a/src/getchar.c b/src/getchar.c
+index 0e9942b..475f644 100644
+--- a/src/getchar.c
+++ b/src/getchar.c
+@@ -1407,6 +1407,12 @@ openscript(
+ 	emsg(_(e_nesting));
+ 	return;
+     }
+
+    // Disallow sourcing a file in the sandbox, the commands would be executed
+    // later, possibly outside of the sandbox.
+    if (check_secure())
+	return;
+
+ #ifdef FEAT_EVAL
+     if (ignore_script)
+ 	/* Not reading from script, also don't open one.  Warning message? */
+diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
+index a33d286..5166baf 100644
+--- a/src/testdir/test_source.vim
+++ b/src/testdir/test_source.vim
+@@ -36,3 +36,12 @@ func Test_source_cmd()
+   au! SourcePre
+   au! SourcePost
+ endfunc
+
+func Test_source_sandbox()
+  new
+  call writefile(["Ohello\<Esc>"], 'Xsourcehello')
+  source! Xsourcehello | echo
+  call assert_equal('hello', getline(1))
+  call assert_fails('sandbox source! Xsourcehello', 'E48:')
+  bwipe!
+endfunc
+diff --git a/src/version.c b/src/version.c
+index a49f6fb..e4f74be 100644
+--- a/src/version.c
+++ b/src/version.c
+@@ -780,6 +780,8 @@ static char *(features[]) =
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
+ /**/
+    1365,
+/**/
+     1017,
+ /**/
+     1016,
--- a/meta/recipes-support/vim/vim_8.1.1017.bb
+++ b/meta/recipes-support/vim/vim_8.1.1017.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/vim/vim.git \
           file://disable_acl_header_check.patch;patchdir=.. \
           file://vim-add-knob-whether-elf.h-are-checked.patch;patchdir=.. \
           file://0001-src-Makefile-improve-reproducibility.patch;patchdir=.. \
+           file://CVE-2019-12735.patch;patchdir=.. \
 "
 SRCREV = "493fbe4abee660d30b4f2aef87b754b0a720213c"