Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
neovim.10373
CVE-2019-12735.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-12735.patch of Package neovim.10373
From 5e611f32841e746932fbcbea292ca502ed9e694b Mon Sep 17 00:00:00 2001 From: Jan Edmund Lazo <jan.lazo@mail.utoronto.ca> Date: Thu, 23 May 2019 00:07:48 -0400 Subject: [PATCH] vim-patch:8.1.1365: source command doesn't check for the sandbox Problem: Source command doesn't check for the sandbox. (Armin Razmjou) Solution: Check for the sandbox when sourcing a file. https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040 --- src/nvim/getchar.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/src/nvim/getchar.c +++ b/src/nvim/getchar.c @@ -1238,6 +1238,13 @@ openscript ( EMSG(_(e_nesting)); return; } + + // Disallow sourcing a file in the sandbox, the commands would be executed + // later, possibly outside of the sandbox. + if (check_secure()) { + return; + } + if (ignore_script) /* Not reading from script, also don't open one. Warning message? */ return;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor