File CVE-2016-1248.patch of Package vim.11499

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-1248.patch of Package vim.11499

From d0b5138ba4bccff8a744c99836041ef6322ed39a Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Fri, 4 Nov 2016 15:23:45 +0100
Subject: [PATCH] patch 8.0.0056 Problem:    When setting 'filetype' there is
 no check for a valid name. Solution:   Only allow valid characters in
 'filetype', 'syntax' and 'keymap'.

---
 src/option.c                 | 38 ++++++++++++++++++++++++++++++++--
 src/testdir/test_options.vim | 49 ++++++++++++++++++++++++++++++++++++++++++++
 src/version.c                |  2 ++
 3 files changed, 87 insertions(+), 2 deletions(-)

Index: vim74/src/option.c
===================================================================
--- vim74.orig/src/option.c
+++ vim74/src/option.c
@@ -5653,6 +5653,21 @@ set_string_option(opt_idx, value, opt_fl
 }
 
 /*
+ * Return TRUE if "val" is a valid 'filetype' name.
+ * Also used for 'syntax' and 'keymap'.
+ */
+    static int
+valid_filetype(char_u *val)
+{
+    char_u *s;
+
+    for (s = val; *s != NUL; ++s)
+	if (!ASCII_ISALNUM(*s) && vim_strchr((char_u *)".-_", *s) == NULL)
+	    return FALSE;
+    return TRUE;
+}
+
+/*
  * Handle string options that need some action to perform when changed.
  * Returns NULL for success, or an error message for an error.
  */
@@ -6043,8 +6058,11 @@ did_set_string_option(opt_idx, varp, new
 #ifdef FEAT_KEYMAP
     else if (varp == &curbuf->b_p_keymap)
     {
-	/* load or unload key mapping tables */
-	errmsg = keymap_init();
+	if (!valid_filetype(*varp))
+	    errmsg = e_invarg;
+	else
+	    /* load or unload key mapping tables */
+	    errmsg = keymap_init();
 
 	if (errmsg == NULL)
 	{
@@ -6990,6 +7008,22 @@ did_set_string_option(opt_idx, varp, new
     }
 #endif
 
+#ifdef FEAT_AUTOCMD
+    else if (gvarp == &p_ft)
+    {
+	if (!valid_filetype(*varp))
+	    errmsg = e_invarg;
+    }
+#endif
+
+#ifdef FEAT_SYN_HL
+    else if (gvarp == &p_syn)
+    {
+	if (!valid_filetype(*varp))
+	    errmsg = e_invarg;
+    }
+#endif
+
     /* Options that are a list of flags. */
     else
     {

Places

File CVE-2016-1248.patch of Package vim.11499

Places