To: vim_dev@googlegroups.com Subject: Patch 8.2.3247 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.3247 Problem: Using uninitialized memory when checking for crypt method. Solution: Check the header length before using the salt and seed. Files: src/fileio.c *** ../vim-8.2.3246/src/fileio.c 2021-07-29 20:37:45.652199179 +0200 --- src/fileio.c 2021-07-29 21:21:22.658150211 +0200 *************** *** 2917,2931 **** { int header_len; - curbuf->b_cryptstate = crypt_create_from_header( - method, cryptkey, ptr); - crypt_set_cm_option(curbuf, method); - - // Remove cryptmethod specific header from the text. header_len = crypt_get_header_len(method); if (*sizep <= header_len) // invalid header, buffer can't be encrypted return NULL; *filesizep += header_len; *sizep -= header_len; mch_memmove(ptr, ptr + header_len, (size_t)*sizep); --- 2917,2932 ---- { int header_len; header_len = crypt_get_header_len(method); if (*sizep <= header_len) // invalid header, buffer can't be encrypted return NULL; + + curbuf->b_cryptstate = crypt_create_from_header( + method, cryptkey, ptr); + crypt_set_cm_option(curbuf, method); + + // Remove cryptmethod specific header from the text. *filesizep += header_len; *sizep -= header_len; mch_memmove(ptr, ptr + header_len, (size_t)*sizep); *** ../vim-8.2.3246/src/version.c 2021-07-29 21:11:26.815533418 +0200 --- src/version.c 2021-07-29 21:23:32.625850511 +0200 *************** *** 757,758 **** --- 757,760 ---- { /* Add new patch number below this line */ + /**/ + 3247, /**/ -- Ten bugs in the hand is better than one as yet undetected. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///