diff options
| author | Jan Edmund Lazo <jan.lazo@mail.utoronto.ca> | 2020-01-26 08:17:08 -0500 |
|---|---|---|
| committer | Jan Edmund Lazo <jan.lazo@mail.utoronto.ca> | 2020-01-26 17:38:30 -0500 |
| commit | 08c5a874ab97d52e215025ccd010d68fcdf14731 (patch) | |
| tree | df47490305b3c01878863ee47a08a7da882b0d59 /src/nvim/option.c | |
| parent | 6f073ccbf464e2f2cd6d6855aa3f27ee1adcc20d (diff) | |
| download | rneovim-08c5a874ab97d52e215025ccd010d68fcdf14731.tar.gz rneovim-08c5a874ab97d52e215025ccd010d68fcdf14731.tar.bz2 rneovim-08c5a874ab97d52e215025ccd010d68fcdf14731.zip | |
vim-patch:8.1.1143: may pass weird strings to file name expansion
Problem: May pass weird strings to file name expansion.
Solution: Check for matching characters. Disallow control characters.
https://github.com/vim/vim/commit/8f130eda4747e4a4d68353cdb650f359fd01469b
Diffstat (limited to 'src/nvim/option.c')
| -rw-r--r-- | src/nvim/option.c | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/src/nvim/option.c b/src/nvim/option.c index f03dcc2bf2..9168509aa8 100644 --- a/src/nvim/option.c +++ b/src/nvim/option.c @@ -2509,18 +2509,35 @@ static char *set_string_option(const int opt_idx, const char *const value, return r; } -/// Return true if "val" is a valid 'filetype' name. -/// Also used for 'syntax' and 'keymap'. -static bool valid_filetype(char_u *val) +/// Return true if "val" is a valid name: only consists of alphanumeric ASCII +/// characters or characters in "allowed". +static bool valid_name(const char_u *val, const char *allowed) + FUNC_ATTR_NONNULL_ALL FUNC_ATTR_PURE FUNC_ATTR_WARN_UNUSED_RESULT { - for (char_u *s = val; *s != NUL; s++) { - if (!ASCII_ISALNUM(*s) && vim_strchr((char_u *)".-_", *s) == NULL) { + for (const char_u *s = val; *s != NUL; s++) { + if (!ASCII_ISALNUM(*s) + && vim_strchr((const char_u *)allowed, *s) == NULL) { return false; } } return true; } +/// Return true if "val" is a valid 'filetype' name. +/// Also used for 'syntax' and 'keymap'. +static bool valid_filetype(const char_u *val) + FUNC_ATTR_NONNULL_ALL FUNC_ATTR_PURE FUNC_ATTR_WARN_UNUSED_RESULT +{ + return valid_name(val, ".-_"); +} + +/// Return true if "val" is a valid 'spellang' value. +bool valid_spellang(const char_u *val) + FUNC_ATTR_NONNULL_ALL FUNC_ATTR_PURE FUNC_ATTR_WARN_UNUSED_RESULT +{ + return valid_name(val, ".-_,"); +} + /// Handle string options that need some action to perform when changed. /// Returns NULL for success, or an error message for an error. static char_u * @@ -3032,7 +3049,11 @@ ambw_end: || varp == &(curwin->w_s->b_p_spf)) { // When 'spelllang' or 'spellfile' is set and there is a window for this // buffer in which 'spell' is set load the wordlists. - errmsg = did_set_spell_option(varp == &(curwin->w_s->b_p_spf)); + if (!valid_spellang(*varp)) { + errmsg = e_invarg; + } else { + errmsg = did_set_spell_option(varp == &(curwin->w_s->b_p_spf)); + } } else if (varp == &(curwin->w_s->b_p_spc)) { // When 'spellcapcheck' is set compile the regexp program. errmsg = compile_cap_prog(curwin->w_s); |