diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/nvim/fileio.c | 7 | ||||
| -rw-r--r-- | src/nvim/main.c | 2 | ||||
| -rw-r--r-- | src/nvim/msgpack_rpc/channel.c | 1 | ||||
| -rw-r--r-- | src/nvim/options.lua | 6 | ||||
| -rw-r--r-- | src/nvim/os/stdpaths.c | 20 |
5 files changed, 25 insertions, 11 deletions
diff --git a/src/nvim/fileio.c b/src/nvim/fileio.c index 7c1d495505..cd88cf53ce 100644 --- a/src/nvim/fileio.c +++ b/src/nvim/fileio.c @@ -3279,12 +3279,18 @@ static void vim_mktempdir(void) char tmp[TEMP_FILE_PATH_MAXLEN]; char path[TEMP_FILE_PATH_MAXLEN]; char user[40] = { 0 }; + char appname[40] = { 0 }; (void)os_get_username(user, sizeof(user)); // Usernames may contain slashes! #19240 memchrsub(user, '/', '_', sizeof(user)); memchrsub(user, '\\', '_', sizeof(user)); + // Appname may be a relative path, replace slashes to make it name-like. + xstrlcpy(appname, get_appname(), sizeof(appname)); + memchrsub(appname, '/', '%', sizeof(appname)); + memchrsub(appname, '\\', '%', sizeof(appname)); + // Make sure the umask doesn't remove the executable bit. // "repl" has been reported to use "0177". mode_t umask_save = umask(0077); @@ -3298,7 +3304,6 @@ static void vim_mktempdir(void) // "/tmp/" exists, now try to create "/tmp/nvim.<user>/". add_pathsep(tmp); - const char *appname = get_appname(); xstrlcat(tmp, appname, sizeof(tmp)); xstrlcat(tmp, ".", sizeof(tmp)); xstrlcat(tmp, user, sizeof(tmp)); diff --git a/src/nvim/main.c b/src/nvim/main.c index 4b3244de12..720387cb17 100644 --- a/src/nvim/main.c +++ b/src/nvim/main.c @@ -251,7 +251,7 @@ int main(int argc, char **argv) argv0 = argv[0]; if (!appname_is_valid()) { - os_errmsg("$NVIM_APPNAME is not a valid file name.\n"); + os_errmsg("$NVIM_APPNAME must be a name or relative path.\n"); exit(1); } diff --git a/src/nvim/msgpack_rpc/channel.c b/src/nvim/msgpack_rpc/channel.c index b753d46d64..fb24100f3a 100644 --- a/src/nvim/msgpack_rpc/channel.c +++ b/src/nvim/msgpack_rpc/channel.c @@ -348,6 +348,7 @@ static void parse_msgpack(Channel *channel) "id %" PRIu32 ". Ensure the client is properly synchronized", channel->id, (unsigned)channel->rpc.client_type, p->request_id); chan_close_with_error(channel, buf, LOGLVL_ERR); + return; } frame->returned = true; frame->errored = (p->error.type != kObjectTypeNil); diff --git a/src/nvim/options.lua b/src/nvim/options.lua index 429a70eb38..cd1d760836 100644 --- a/src/nvim/options.lua +++ b/src/nvim/options.lua @@ -6546,9 +6546,9 @@ return { cb = 'did_set_scrollbind', defaults = { if_true = false }, desc = [=[ - See also |scroll-binding|. When this option is set, the current - window scrolls as other scrollbind windows (windows that also have - this option set) scroll. This option is useful for viewing the + See also |scroll-binding|. When this option is set, scrolling the + current window also scrolls other scrollbind windows (windows that + also have this option set). This option is useful for viewing the differences between two versions of a file, see 'diff'. See |'scrollopt'| for options that determine how this option should be interpreted. diff --git a/src/nvim/os/stdpaths.c b/src/nvim/os/stdpaths.c index 53ddda22fa..b129eb445a 100644 --- a/src/nvim/os/stdpaths.c +++ b/src/nvim/os/stdpaths.c @@ -69,15 +69,23 @@ const char *get_appname(void) return env_val; } -/// Ensure that APPNAME is valid. In particular, it cannot contain directory separators. +/// Ensure that APPNAME is valid. Must be a name or relative path. bool appname_is_valid(void) { const char *appname = get_appname(); - const size_t appname_len = strlen(appname); - for (size_t i = 0; i < appname_len; i++) { - if (appname[i] == PATHSEP) { - return false; - } + if (path_is_absolute(appname) + // TODO(justinmk): on Windows, path_is_absolute says "/" is NOT absolute. Should it? + || strequal(appname, "/") + || strequal(appname, "\\") + || strequal(appname, ".") + || strequal(appname, "..") +#ifdef BACKSLASH_IN_FILENAME + || strstr(appname, "\\..") != NULL + || strstr(appname, "..\\") != NULL +#endif + || strstr(appname, "/..") != NULL + || strstr(appname, "../") != NULL) { + return false; } return true; } |