diff options
| author | Jan Edmund Lazo <jan.lazo@mail.utoronto.ca> | 2020-01-26 08:17:08 -0500 |
|---|---|---|
| committer | Jan Edmund Lazo <jan.lazo@mail.utoronto.ca> | 2020-01-26 17:38:30 -0500 |
| commit | 08c5a874ab97d52e215025ccd010d68fcdf14731 (patch) | |
| tree | df47490305b3c01878863ee47a08a7da882b0d59 /src/nvim/path.c | |
| parent | 6f073ccbf464e2f2cd6d6855aa3f27ee1adcc20d (diff) | |
| download | rneovim-08c5a874ab97d52e215025ccd010d68fcdf14731.tar.gz rneovim-08c5a874ab97d52e215025ccd010d68fcdf14731.tar.bz2 rneovim-08c5a874ab97d52e215025ccd010d68fcdf14731.zip | |
vim-patch:8.1.1143: may pass weird strings to file name expansion
Problem: May pass weird strings to file name expansion.
Solution: Check for matching characters. Disallow control characters.
https://github.com/vim/vim/commit/8f130eda4747e4a4d68353cdb650f359fd01469b
Diffstat (limited to 'src/nvim/path.c')
| -rw-r--r-- | src/nvim/path.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/nvim/path.c b/src/nvim/path.c index a53870acb8..0142724a5b 100644 --- a/src/nvim/path.c +++ b/src/nvim/path.c @@ -1120,10 +1120,22 @@ static bool has_env_var(char_u *p) static bool has_special_wildchar(char_u *p) { for (; *p; MB_PTR_ADV(p)) { - // Allow for escaping - if (*p == '\\' && p[1] != NUL) { + // Disallow line break characters. + if (*p == '\r' || *p == '\n') { + break; + } + // Allow for escaping. + if (*p == '\\' && p[1] != NUL && p[1] != '\r' && p[1] != '\n') { p++; } else if (vim_strchr((char_u *)SPECIAL_WILDCHAR, *p) != NULL) { + // A { must be followed by a matching }. + if (*p == '{' && vim_strchr(p, '}') == NULL) { + continue; + } + // A quote and backtick must be followed by another one. + if ((*p == '`' || *p == '\'') && vim_strchr(p, *p) == NULL) { + continue; + } return true; } } |