jkunstle / rpms / vim

Forked from rpms/vim 3 years ago
Clone
Source Code
GIT

Blame SOURCES/vim-7.4-CVE-2016-1248.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   ad3e6e3e99874f2bfa985b5ec08f81fdbeb10422
  2.   SOURCES
  3.   vim-7.4-CVE-2016-1248.patch
Blob History Raw
cb5af9 
diff -urN vim74_orig/src/option.c vim74/src/option.c
cb5af9 
--- vim74_orig/src/option.c	2016-12-12 12:18:52.614342651 +0100
cb5af9 
+++ vim74/src/option.c	2016-12-12 12:34:08.192983990 +0100
cb5af9 
@@ -5663,6 +5663,21 @@
cb5af9 
     return r;
cb5af9 
 }
cb5af9
cb5af9 
+ /*
cb5af9 
+ * Return TRUE if "val" is a valid 'filetype' name.
cb5af9 
+ * Also used for 'syntax' and 'keymap'.
cb5af9 
+ */
cb5af9 
+    static int
cb5af9 
+valid_filetype(char_u *val)
cb5af9 
+{
cb5af9 
+    char_u *s;
cb5af9 
+
cb5af9 
+    for (s = val; *s != NUL; ++s)
cb5af9 
+   if (!ASCII_ISALNUM(*s) && vim_strchr((char_u *)".-_", *s) == NULL)
cb5af9 
+       return FALSE;
cb5af9 
+    return TRUE;
cb5af9 
+}
cb5af9 
+
cb5af9 
 /*
cb5af9 
  * Handle string options that need some action to perform when changed.
cb5af9 
  * Returns NULL for success, or an error message for an error.
cb5af9 
@@ -6054,8 +6069,11 @@
cb5af9 
 #ifdef FEAT_KEYMAP
cb5af9 
     else if (varp == &curbuf->b_p_keymap)
cb5af9 
     {
cb5af9 
-	/* load or unload key mapping tables */
cb5af9 
-	errmsg = keymap_init();
cb5af9 
+        if (!valid_filetype(*varp))
cb5af9 
+            errmsg = e_invarg;
cb5af9 
+        else
cb5af9 
+            /* load or unload key mapping tables */
cb5af9 
+            errmsg = keymap_init();
cb5af9
cb5af9 
 	if (errmsg == NULL)
cb5af9 
 	{
cb5af9 
@@ -7010,6 +7028,23 @@
cb5af9 
     }
cb5af9 
 #endif
cb5af9
cb5af9 
+#ifdef FEAT_AUTOCMD
cb5af9 
+    else if (gvarp == &p_ft)
cb5af9 
+    {
cb5af9 
+   if (!valid_filetype(*varp))
cb5af9 
+       errmsg = e_invarg;
cb5af9 
+    }
cb5af9 
+#endif
cb5af9 
+
cb5af9 
+#ifdef FEAT_SYN_HL
cb5af9 
+    else if (gvarp == &p_syn)
cb5af9 
+    {
cb5af9 
+   if (!valid_filetype(*varp))
cb5af9 
+       errmsg = e_invarg;
cb5af9 
+    }
cb5af9 
+#endif
cb5af9 
+
cb5af9 
+
cb5af9 
     /* Options that are a list of flags. */
cb5af9 
     else
cb5af9 
     {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation