From e8197acdd091881fdbf9ed6ca8318f3c96465f0a Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 22 May 2019 22:38:25 +0200
Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox

Problem:    Source command doesn't check for the sandbox. (Armin Razmjou)
Solution:   Check for the sandbox when sourcing a file.

Upstream-Status: Backport
CVE: CVE-2019-12735
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 src/getchar.c               | 6 ++++++
 src/testdir/test_source.vim | 9 +++++++++
 src/version.c               | 2 ++
 3 files changed, 17 insertions(+)

diff --git a/src/getchar.c b/src/getchar.c
index 0e9942b..475f644 100644
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -1407,6 +1407,12 @@ openscript(
 	emsg(_(e_nesting));
 	return;
     }
+
+    // Disallow sourcing a file in the sandbox, the commands would be executed
+    // later, possibly outside of the sandbox.
+    if (check_secure())
+	return;
+
 #ifdef FEAT_EVAL
     if (ignore_script)
 	/* Not reading from script, also don't open one.  Warning message? */
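Review bot: The bare `return` after `check_secure()` depends on check_secure() having already reported the failure, which the added comment does not say, so a later maintainer could reasonably add a second emsg() at this spot. Suggest extending the comment to `// check_secure() has already given the error message (E48 in the sandbox).` — the accompanying test's `'E48:'` expectation is what shows the message comes from that call. Placing the guard right after the nesting check, before the function presumably opens the script file further down, means the early return leaks nothing; openscript's signature and the rest of its body lie outside this hunk, so that ordering is inferred rather than visible here.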
diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
index a33d286..5166baf 100644
--- a/src/testdir/test_source.vim
+++ b/src/testdir/test_source.vim
@@ -36,3 +36,12 @@ func Test_source_cmd()
   au! SourcePre
   au! SourcePost
 endfunc
+
+func Test_source_sandbox()
+  new
+  call writefile(["Ohello\<Esc>"], 'Xsourcehello')
+  source! Xsourcehello | echo
+  call assert_equal('hello', getline(1))
+  call assert_fails('sandbox source! Xsourcehello', 'E48:')
+  bwipe!
+endfunc
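Review bot: Test_source_sandbox writes Xsourcehello but never removes it, so the file is left in the test directory after the run and can leak into later tests or a dirty checkout; add `call delete('Xsourcehello')` after `bwipe!`. The second `source!` inside `sandbox` is expected to fail before reading the file, so deleting it only at the end keeps both assertions intact. The preceding Test_source_cmd body starts outside the hunk.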
diff --git a/src/version.c b/src/version.c
index a49f6fb..e4f74be 100644
--- a/src/version.c
+++ b/src/version.c
@@ -780,6 +780,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1365,
+/**/
     1017,
 /**/
     1016,