authorSean Dewar <seandewar@users.noreply.github.com>2021-11-01 16:21:16 +0000
committerSean Dewar <seandewar@users.noreply.github.com>2021-11-26 18:53:10 +0000
commit38a831e54a7261fda06555bc7464546ecfcbf897 (patch)
treec44a94badd3d4b7c5c71f94f167e49b9f23e6eeb
parent39776d1a6513e33a33addb69deae72ab2ecafef4 (diff)
vim-patch:7.4.1777
Problem: Newly added features can escape the sandbox. Solution: Add checks for restricted and secure. (Yasuhiro Matsumoto) https://github.com/vim/vim/commit/3849992b16011e36a5cb5be4b127f843389b96fd timer_start is missing check_secure. The timer callback can, for example, call a function defined from outside the sandbox that does stuff that would be disallowed from inside the sandbox. This is usually not allowed. Cherry-pick eval.txt change from: https://github.com/vim/vim/commit/68e6560b84f196c82e27a72669684d5506a3a837 Required for v8.1.2013.
-rw-r--r--runtime/doc/eval.txt2
-rw-r--r--src/nvim/eval/funcs.c3
-rw-r--r--test/functional/vimscript/timer_spec.lua10
3 files changed, 15 insertions, 0 deletions
diff --git a/runtime/doc/eval.txt b/runtime/doc/eval.txt
index 758c93231d..234879218e 100644
--- a/runtime/doc/eval.txt
+++ b/runtime/doc/eval.txt
@@ -10171,6 +10171,8 @@ timer_start({time}, {callback} [, {options}])
\ {'repeat': 3})
< This invokes MyHandler() three times at 500 msec intervals.
+ Not available in the |sandbox|.
+
timer_stop({timer}) *timer_stop()*
Stop a timer. The timer callback will no longer be invoked.
{timer} is an ID returned by timer_start(), thus it must be a
diff --git a/src/nvim/eval/funcs.c b/src/nvim/eval/funcs.c
index dfadd28ebe..33ca4016cf 100644
--- a/src/nvim/eval/funcs.c
+++ b/src/nvim/eval/funcs.c
@@ -11551,6 +11551,9 @@ static void f_timer_start(typval_T *argvars, typval_T *rettv, FunPtr fptr)
dict_T *dict;
rettv->vval.v_number = -1;
+ if (check_secure()) {
+ return;
+ }
if (argvars[2].v_type != VAR_UNKNOWN) {
if (argvars[2].v_type != VAR_DICT
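Review bot: The new `check_secure()` guard in f_timer_start has no comment saying why starting a timer is refused in the sandbox, so a later refactor could drop it as apparently redundant. Going by the commit description, the concern is that the callback can call a function defined outside the sandbox, so I would add above the check `// Refuse in the sandbox: the callback could run code the sandbox would otherwise block.` The early return leaves `rettv->vval.v_number` at -1; that is presumably the intended failure value for callers, but the hunk does not show it being documented. f_timer_start starts and continues outside this hunk.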
diff --git a/test/functional/vimscript/timer_spec.lua b/test/functional/vimscript/timer_spec.lua
index 9ee0735e40..e45b64422f 100644
--- a/test/functional/vimscript/timer_spec.lua
+++ b/test/functional/vimscript/timer_spec.lua
@@ -3,6 +3,7 @@ local Screen = require('test.functional.ui.screen')
local feed, eq, eval, ok = helpers.feed, helpers.eq, helpers.eval, helpers.ok
local source, nvim_async, run = helpers.source, helpers.nvim_async, helpers.run
local clear, command, funcs = helpers.clear, helpers.command, helpers.funcs
+local exc_exec = helpers.exc_exec
local curbufmeths = helpers.curbufmeths
local load_adjust = helpers.load_adjust
local retry = helpers.retry
@@ -262,4 +263,13 @@ describe('timers', function()
eq(2, eval('g:val'))
end)
+
+ it("timer_start can't be used in the sandbox", function()
+ source [[
+ function! Scary(timer) abort
+ call execute('echo ''execute() should be disallowed''', '')
+ endfunction
+ ]]
+ eq("Vim(call):E48: Not allowed in sandbox", exc_exec("sandbox call timer_start(0, 'Scary')"))
+ end)
end)
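Review bot: The new test asserts only the E48 message and never checks that no timer was registered or that `Scary` stayed uncalled. A regression that reports the error but still schedules the callback would pass it. After the `exc_exec` assertion I would add `eq({}, funcs.timer_info())`, using the `funcs` helper already imported at the top of the file. It would also help to have `Scary` set a global flag and assert that the flag is still unset, since its current body leaves no observable trace if it does run.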