Mercurial > vim
changeset 8983:5cbd81536f27 v7.4.1777
commit https://github.com/vim/vim/commit/3849992b16011e36a5cb5be4b127f843389b96fd
Author: Bram Moolenaar <Bram@vim.org>
Date: Fri Apr 22 20:46:52 2016 +0200
patch 7.4.1777
Problem: Newly added features can escape the sandbox.
Solution: Add checks for restricted and secure. (Yasuhiro Matsumoto)
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Fri, 22 Apr 2016 21:00:04 +0200 |
| parents | 57e814658ff0 |
| children | 4210ef398972 |
| files | src/eval.c src/version.c |
| diffstat | 2 files changed, 8 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/eval.c +++ b/src/eval.c @@ -10408,6 +10408,8 @@ f_ch_logfile(typval_T *argvars, typval_T f_ch_open(typval_T *argvars, typval_T *rettv) { rettv->v_type = VAR_CHANNEL; + if (check_restricted() || check_secure()) + return; rettv->vval.v_channel = channel_open_func(argvars); } @@ -15078,6 +15080,8 @@ f_job_setoptions(typval_T *argvars, typv f_job_start(typval_T *argvars, typval_T *rettv) { rettv->v_type = VAR_JOB; + if (check_restricted() || check_secure()) + return; rettv->vval.v_job = job_start(argvars); } @@ -16821,8 +16825,6 @@ check_connection(void) #endif #ifdef FEAT_CLIENTSERVER -static void remote_common(typval_T *argvars, typval_T *rettv, int expr); - static void remote_common(typval_T *argvars, typval_T *rettv, int expr) { @@ -20683,6 +20685,8 @@ f_timer_start(typval_T *argvars, typval_ char_u *callback; dict_T *dict; + if (check_secure()) + return; if (argvars[2].v_type != VAR_UNKNOWN) { if (argvars[2].v_type != VAR_DICT