author | James McCoy <jamessan@jamessan.com> | 2019-06-22 21:13:01 -0400 |
---|---|---|
committer | James McCoy <jamessan@jamessan.com> | 2019-06-24 06:41:57 -0400 |
commit | 45bb1757bf7a3c47aef4d6898e9a28218bc80e6c (patch) | |
tree | 7f56e550b9775ba6084919cba431ec8a50234eef | |
parent | 433c136a8a274539fb58c2a2ef4f606dd7829fef (diff) | |
vim-patch:8.1.1365: source command doesn't check for the sandbox
Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
Solution: Check for the sandbox when sourcing a file.
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
-rw-r--r-- | src/nvim/getchar.c | 7 | ||||
-rw-r--r-- | src/nvim/testdir/test_source.vim | 10 |
2 files changed, 17 insertions, 0 deletions
diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c
index 44e4e09486..d4154a3748 100644
--- a/src/nvim/getchar.c
+++ b/src/nvim/getchar.c
@@ -1253,6 +1253,13 @@ openscript (
 EMSG(_(e_nesting));
 return;
 }
+
+ // Disallow sourcing a file in the sandbox, the commands would be executed
+ // later, possibly outside of the sandbox.
+ if (check_secure()) {
+ return;
+ }
+
 if (ignore_script)
 /* Not reading from script, also don't open one. Warning message? */
 return;
diff --git a/src/nvim/testdir/test_source.vim b/src/nvim/testdir/test_source.vim
new file mode 100644
index 0000000000..42ac0c4d0f
--- /dev/null
+++ b/src/nvim/testdir/test_source.vim
@@ -0,0 +1,10 @@
+" Tests for the :source command.
+
+func Test_source_sandbox()
+ new
+ call writefile(["Ohello\<Esc>"], 'Xsourcehello')
+ source! Xsourcehello | echo
+ call assert_equal('hello', getline(1))
+ call assert_fails('sandbox source! Xsourcehello', 'E48:')
+ bwipe!
+endfunc |
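Review bot: In src/nvim/getchar.c the comment above the new `if (check_secure())` guard names only the sandbox, while check_secure() is defined outside this hunk and may refuse in other restricted states as well; if it does, the comment should say so, for example `// Refuse in the sandbox (or any state check_secure() rejects): the file's commands are queued and would run later, possibly after the restriction has ended.` The guard also sits below the e_nesting check, so a sandboxed caller at maximum script nesting is reported as a nesting error rather than a sandbox error; placing the guard before that check would make the refusal independent of nesting depth. openscript() begins and ends outside the hunk, so whether earlier statements in it already have side effects cannot be judged from here.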
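Review bot: In src/nvim/testdir/test_source.vim, Test_source_sandbox asserts only that the sandboxed `source!` fails with E48 and never checks that the buffer is unchanged afterwards, so it would still pass if the error were raised but the file's keys were queued anyway. Adding `call assert_equal(2, line('$'))` after the `assert_fails` line would pin that no second 'hello' line was inserted, assuming any queued input has been consumed by that point. The test also leaves `Xsourcehello` on disk; `call delete('Xsourcehello')` before `endfunc` would remove it.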