meta-openembedded/meta-oe/recipes-support/vim/files/CVE-2017-17087.patch - openbmc/openbmc - Gitiles

 From 9c11f80339372b7aa2f43153d574f2b5abb79708 Mon Sep 17 00:00:00 2001
 From: Li Zhou <li.zhou@windriver.com>
 Date: Sun, 17 Dec 2017 23:09:35 -0800
 Subject: [PATCH] vim: patch 8.0.1263: others can read the swap file if a user
  is careless

 Problem:    Others can read the swap file if a user is careless with his
             primary group.
 Solution:   If the group permission allows for reading but the world
             permissions doesn't, make sure the group is right.

 Upstream-Status: Backport
 CVE: CVE-2017-17087
 Signed-off-by: Li Zhou <li.zhou@windriver.com>
 ---
  src/fileio.c  | 24 +++++++++++++++++++++++-
  src/version.c |  2 ++
  2 files changed, 25 insertions(+), 1 deletion(-)

 diff --git a/src/fileio.c b/src/fileio.c
 index f54fb8465..2c7740af9 100644
 --- a/src/fileio.c
 +++ b/src/fileio.c
 @@ -716,7 +716,29 @@ readfile(
  	/* Set swap file protection bits after creating it. */
  	if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL
  			  && curbuf->b_ml.ml_mfp->mf_fname != NULL)
 -	    (void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode);
 +	{
 +	    char_u *swap_fname = curbuf->b_ml.ml_mfp->mf_fname;
 +
 +	    /*
 +	     * If the group-read bit is set but not the world-read bit, then
 +	     * the group must be equal to the group of the original file.  If
 +	     * we can't make that happen then reset the group-read bit.  This
 +	     * avoids making the swap file readable to more users when the
 +	     * primary group of the user is too permissive.
 +	     */
 +	    if ((swap_mode & 044) == 040)
 +	    {
 +		stat_T	swap_st;
 +
 +		if (mch_stat((char *)swap_fname, &swap_st) >= 0
 +			&& st.st_gid != swap_st.st_gid
 +			&& fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid)
 +									 == -1)
 +		    swap_mode &= 0600;
 +	    }
 +
 +	    (void)mch_setperm(swap_fname, (long)swap_mode);
 +	}
  #endif
      }

 diff --git a/src/version.c b/src/version.c
 index a5cb078f0..5c0df475f 100644
 --- a/src/version.c
 +++ b/src/version.c
 @@ -770,6 +770,8 @@ static char *(features[]) =
  static int included_patches[] =
  {   /* Add new patch number below this line */
  /**/
 +    1263,
 +/**/
      983,
  /**/
      982,
 --
 2.11.0
	From 9c11f80339372b7aa2f43153d574f2b5abb79708 Mon Sep 17 00:00:00 2001
	From: Li Zhou <li.zhou@windriver.com>
	Date: Sun, 17 Dec 2017 23:09:35 -0800
	Subject: [PATCH] vim: patch 8.0.1263: others can read the swap file if a user
	is careless

	Problem: Others can read the swap file if a user is careless with his
	primary group.
	Solution: If the group permission allows for reading but the world
	permissions doesn't, make sure the group is right.

	Upstream-Status: Backport
	CVE: CVE-2017-17087
	Signed-off-by: Li Zhou <li.zhou@windriver.com>
	---
	src/fileio.c \| 24 +++++++++++++++++++++++-
	src/version.c \| 2 ++
	2 files changed, 25 insertions(+), 1 deletion(-)

	diff --git a/src/fileio.c b/src/fileio.c
	index f54fb8465..2c7740af9 100644
	--- a/src/fileio.c
	+++ b/src/fileio.c
	@@ -716,7 +716,29 @@ readfile(
	/* Set swap file protection bits after creating it. */
	if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL
	&& curbuf->b_ml.ml_mfp->mf_fname != NULL)
	- (void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode);
	+ {
	+ char_u *swap_fname = curbuf->b_ml.ml_mfp->mf_fname;
	+
	+ /*
	+ * If the group-read bit is set but not the world-read bit, then
	+ * the group must be equal to the group of the original file. If
	+ * we can't make that happen then reset the group-read bit. This
	+ * avoids making the swap file readable to more users when the
	+ * primary group of the user is too permissive.
	+ */
	+ if ((swap_mode & 044) == 040)
	+ {
	+ stat_T swap_st;
	+
	+ if (mch_stat((char *)swap_fname, &swap_st) >= 0
	+ && st.st_gid != swap_st.st_gid
	+ && fchown(curbuf->b_ml.ml_mfp->mf_fd, -1, st.st_gid)
	+ == -1)
	+ swap_mode &= 0600;
	+ }
	+
	+ (void)mch_setperm(swap_fname, (long)swap_mode);
	+ }
	#endif
	}

	diff --git a/src/version.c b/src/version.c
	index a5cb078f0..5c0df475f 100644
	--- a/src/version.c
	+++ b/src/version.c
	@@ -770,6 +770,8 @@ static char *(features[]) =
	static int included_patches[] =
	{ /* Add new patch number below this line */
	/**/
	+ 1263,
	+/**/
	983,
	/**/
	982,
	--
	2.11.0