git.ipfire.org Git - thirdparty/vim.git/commit

author	Christian Brabandt <cb@256bit.org>
	Thu, 26 Oct 2023 19:29:32 +0000 (21:29 +0200)
committer	Christian Brabandt <cb@256bit.org>
	Thu, 26 Oct 2023 19:29:32 +0000 (21:29 +0200)
commit	9198c1f2b1ddecde22af918541e0de2a32f0f45a
tree	2af602f979b00fea18542cd679191c320009f9b2	tree
parent	5f5131d775bf9966976e39aa38b070036cbfe969	commit \| diff

patch 9.0.2068: [security] overflow in :history

Problem: [security] overflow in :history
Solution: Check that value fits into int

The get_list_range() function, used to parse numbers for the :history
and :clist command internally uses long variables to store the numbers.
However function arguments are integer pointers, which can then
overflow.

Check that the return value from the vim_str2nr() function is not larger
than INT_MAX and if yes, bail out with an error. I guess nobody uses a
cmdline/clist history that needs so many entries... (famous last words).

It is only a moderate vulnerability, so impact should be low.

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm

Signed-off-by: Christian Brabandt <cb@256bit.org>

src/cmdhist.c		diff \| blob \| blame \| history
src/errors.h		diff \| blob \| blame \| history
src/ex_getln.c		diff \| blob \| blame \| history
src/testdir/test_history.vim		diff \| blob \| blame \| history
src/version.c		diff \| blob \| blame \| history