gnu: vim: Use upstream fix for CVE-2017-5953.

* gnu/packages/patches/vim-CVE-2017-5953.patch: Adjust to match upstream changes.
2017-02-26 11:48:20 -05:00 · 2017-02-26 11:48:20 -05:00 · ffa771d2b4
parent 2f1d20a8d4
commit ffa771d2b4
1 changed files with 13 additions and 5 deletions
--- a/gnu/packages/patches/vim-CVE-2017-5953.patch
+++ b/gnu/packages/patches/vim-CVE-2017-5953.patch
@ -3,20 +3,28 @@ Fix CVE-2017-5953:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953
 https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY

-Patch adapted from upstream commit, correcting the transcription error
-in the bounds check:
+This change is adapted from the upstream source repository:

-https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
+https://github.com/vim/vim/commit/6d3c8586fc81b022e9f06c611b9926108fb878c7

 diff --git a/src/spellfile.c b/src/spellfile.c
-index c7d87c6..8b1a3a6 100644
+index c7d87c6..00ef019 100644
 --- a/src/spellfile.c
 +++ b/src/spellfile.c
+@@ -1585,7 +1585,7 @@ spell_read_tree(
+     int		prefixtree,	/* TRUE for the prefix tree */
+     int		prefixcnt)	/* when "prefixtree" is TRUE: prefix count */
+ {
+-    int		len;
+    long	len;
+     int		idx;
+     char_u	*bp;
+     idx_T	*ip;
@@ -1595,6 +1595,9 @@ spell_read_tree(
     len = get4c(fd);
     if (len < 0)
 	return SP_TRUNCERROR;
-+    if (len >= 0x3fffffff)
+    if (len >= LONG_MAX / (long)sizeof(int))
 +	/* Invalid length, multiply with sizeof(int) would overflow. */
 +	return SP_FORMERROR;
     if (len > 0)