adam/vim
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

patch 9.1.1551: [security]: path traversal issue in zip.vim

Browse Source 
Problem:  [security]: path traversal issue in zip.vim (@ax)
Solution: drop leading ../ on write of zipfiles, don't forcefully
          overwrite existing files

A zip plugin which contains filenames with leading '../'  may cause
confusion as to where the content will be extracted.  Let's drop such
things and make sure we use a relative filename instead and don't
forcefully overwrite temporary files. Also, warn the user of such
things.

related: #17733

Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Christian Brabandt
2025-07-15 21:43:01 +02:00
parent 3f9d2378bd
commit 586294a041
7 changed files with 185 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Filelist
View File

@ -212,6 +212,7 @@ SRC_ALL = \
src/testdir/samples/*.html \ src/testdir/samples/*.html \
src/testdir/samples/*.txt \ src/testdir/samples/*.txt \
src/testdir/samples/*.vim \ src/testdir/samples/*.vim \
src/testdir/samples/evil.zip \
src/testdir/samples/poc.zip \ src/testdir/samples/poc.zip \
src/testdir/samples/test.zip \ src/testdir/samples/test.zip \
src/testdir/samples/test000 \ src/testdir/samples/test000 \

22
runtime/autoload/zip.vim
View File

@ -15,6 +15,7 @@
" 2024 Aug 18 by Vim Project: correctly handle special globbing chars " 2024 Aug 18 by Vim Project: correctly handle special globbing chars
" 2024 Aug 21 by Vim Project: simplify condition to detect MS-Windows " 2024 Aug 21 by Vim Project: simplify condition to detect MS-Windows
" 2025 Mar 11 by Vim Project: handle filenames with leading '-' correctly " 2025 Mar 11 by Vim Project: handle filenames with leading '-' correctly
" 2025 Jul 12 by Vim Project: drop ../ on write to prevent path traversal attacks
" License: Vim License (see vim's :help license) " License: Vim License (see vim's :help license)
" Copyright: Copyright (C) 2005-2019 Charles E. Campbell {{{1 " Copyright: Copyright (C) 2005-2019 Charles E. Campbell {{{1
" Permission is hereby granted to use and distribute this code, " Permission is hereby granted to use and distribute this code,
@ -236,6 +237,7 @@ endfun
" zip#Write: {{{2 " zip#Write: {{{2
fun! zip#Write(fname) fun! zip#Write(fname)
let dict = s:SetSaneOpts() let dict = s:SetSaneOpts()
let need_rename = 0
defer s:RestoreOpts(dict) defer s:RestoreOpts(dict)
" sanity checks " sanity checks
@ -243,10 +245,6 @@ fun! zip#Write(fname)
call s:Mess('Error', "***error*** (zip#Write) sorry, your system doesn't appear to have the ".g:zip_zipcmd." program") call s:Mess('Error', "***error*** (zip#Write) sorry, your system doesn't appear to have the ".g:zip_zipcmd." program")
return return
endif endif
if !exists("*mkdir")
call s:Mess('Error', "***error*** (zip#Write) sorry, mkdir() doesn't work on your system")
return
endif
let curdir= getcwd() let curdir= getcwd()
let tmpdir= tempname() let tmpdir= tempname()
@ -274,6 +272,11 @@ fun! zip#Write(fname)
let zipfile = substitute(a:fname,'^.\{-}zipfile://\(.\{-}\)::[^\\].*$','\1','') let zipfile = substitute(a:fname,'^.\{-}zipfile://\(.\{-}\)::[^\\].*$','\1','')
let fname = substitute(a:fname,'^.\{-}zipfile://.\{-}::\([^\\].*\)$','\1','') let fname = substitute(a:fname,'^.\{-}zipfile://.\{-}::\([^\\].*\)$','\1','')
endif endif
if fname =~ '^[.]\{1,2}/'
call system(g:zip_zipcmd." -d ".s:Escape(fnamemodify(zipfile,":p"),0)." ".s:Escape(fname,0))
let fname = fname->substitute('^\([.]\{1,2}/\)\+', '', 'g')
let need_rename = 1
endif
if fname =~ '/' if fname =~ '/'
let dirpath = substitute(fname,'/[^/]\+$','','e') let dirpath = substitute(fname,'/[^/]\+$','','e')
@ -286,7 +289,8 @@ fun! zip#Write(fname)
let zipfile= curdir.'/'.zipfile let zipfile= curdir.'/'.zipfile
endif endif
exe "w! ".fnameescape(fname) " don't overwrite files forcefully
exe "w ".fnameescape(fname)
if has("win32unix") && executable("cygpath") if has("win32unix") && executable("cygpath")
let zipfile = substitute(system("cygpath ".s:Escape(zipfile,0)),'\n','','e') let zipfile = substitute(system("cygpath ".s:Escape(zipfile,0)),'\n','','e')
endif endif
@ -312,6 +316,9 @@ fun! zip#Write(fname)
let &binary = binkeep let &binary = binkeep
q! q!
unlet s:zipfile_{winnr()} unlet s:zipfile_{winnr()}
elseif need_rename
exe $"sil keepalt file {fnameescape($"zipfile://{zipfile}::{fname}")}"
call s:Mess('Warning', "***error*** (zip#Browse) Path Traversal Attack detected, dropping relative path")
endif endif
" cleanup and restore current directory " cleanup and restore current directory
@ -320,7 +327,6 @@ fun! zip#Write(fname)
call s:ChgDir(curdir,s:WARNING,"(zip#Write) unable to return to ".curdir."!") call s:ChgDir(curdir,s:WARNING,"(zip#Write) unable to return to ".curdir."!")
call delete(tmpdir, "rf") call delete(tmpdir, "rf")
setlocal nomod setlocal nomod
endfun endfun
" --------------------------------------------------------------------- " ---------------------------------------------------------------------
@ -338,6 +344,9 @@ fun! zip#Extract()
if fname =~ '/$' if fname =~ '/$'
call s:Mess('Error', "***error*** (zip#Extract) Please specify a file, not a directory") call s:Mess('Error', "***error*** (zip#Extract) Please specify a file, not a directory")
return return
elseif fname =~ '^[.]\?[.]/'
call s:Mess('Error', "***error*** (zip#Browse) Path Traversal Attack detected, not extracting!")
return
endif endif
if filereadable(fname) if filereadable(fname)
call s:Mess('Error', "***error*** (zip#Extract) <" .. fname .."> already exists in directory, not overwriting!") call s:Mess('Error', "***error*** (zip#Extract) <" .. fname .."> already exists in directory, not overwriting!")
@ -369,7 +378,6 @@ fun! zip#Extract()
else else
echomsg "***note*** successfully extracted ".fname echomsg "***note*** successfully extracted ".fname
endif endif
endfun endfun
" --------------------------------------------------------------------- " ---------------------------------------------------------------------

14
runtime/doc/pi_zip.txt
View File

@ -1,4 +1,4 @@
*pi_zip.txt* For Vim version 9.1. Last change: 2025 Apr 02 *pi_zip.txt* For Vim version 9.1. Last change: 2025 Jul 15
+====================+ +====================+
| Zip File Interface | | Zip File Interface |
@ -111,6 +111,18 @@ Copyright: Copyright (C) 2005-2015 Charles E Campbell *zip-copyright*
============================================================================== ==============================================================================
4. History *zip-history* {{{1 4. History *zip-history* {{{1
unreleased:
Jul 12, 2025 * drop ../ on write to prevent path traversal attacks
Mar 11, 2025 * handle filenames with leading '-' correctly
Aug 21, 2024 * simplify condition to detect MS-Windows
Aug 18, 2024 * correctly handle special globbing chars
Aug 05, 2024 * clean-up and make it work with shellslash on Windows
Aug 05, 2024 * workaround for the FreeBSD's unzip
Aug 04, 2024 * escape '[' in name of file to be extracted
Jul 30, 2024 * fix opening remote zipfile
Jul 24, 2024 * use delete() function
Jul 23, 2024 * fix 'x' command
Jun 16, 2024 * handle whitespace on Windows properly (#14998)
v33 Dec 07, 2021 * *.xlam mentioned twice in zipPlugin v33 Dec 07, 2021 * *.xlam mentioned twice in zipPlugin
v32 Oct 22, 2021 * to avoid an issue with a vim 8.2 patch, zipfile: has v32 Oct 22, 2021 * to avoid an issue with a vim 8.2 patch, zipfile: has
been changed to zipfile:// . This often shows up been changed to zipfile:// . This often shows up

162
src/po/vim.pot
View File

@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: PACKAGE VERSION\n" "Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2025-07-15 21:26+0200\n" "POT-Creation-Date: 2025-07-15 21:42+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -4257,327 +4257,327 @@ msgstr ""
msgid "%s (%s, compiled %s)" msgid "%s (%s, compiled %s)"
msgstr "" msgstr ""
#: ../version.c:4034 #: ../version.c:4036
msgid "" msgid ""
"\n" "\n"
"MS-Windows ARM64 GUI/console version" "MS-Windows ARM64 GUI/console version"
msgstr "" msgstr ""
#: ../version.c:4036 #: ../version.c:4038
msgid "" msgid ""
"\n" "\n"
"MS-Windows 64-bit GUI/console version" "MS-Windows 64-bit GUI/console version"
msgstr "" msgstr ""
#: ../version.c:4039 #: ../version.c:4041
msgid "" msgid ""
"\n" "\n"
"MS-Windows 32-bit GUI/console version" "MS-Windows 32-bit GUI/console version"
msgstr "" msgstr ""
#: ../version.c:4044 #: ../version.c:4046
msgid "" msgid ""
"\n" "\n"
"MS-Windows ARM64 GUI version" "MS-Windows ARM64 GUI version"
msgstr "" msgstr ""
#: ../version.c:4046 #: ../version.c:4048
msgid "" msgid ""
"\n" "\n"
"MS-Windows 64-bit GUI version" "MS-Windows 64-bit GUI version"
msgstr "" msgstr ""
#: ../version.c:4049 #: ../version.c:4051
msgid "" msgid ""
"\n" "\n"
"MS-Windows 32-bit GUI version" "MS-Windows 32-bit GUI version"
msgstr "" msgstr ""
#: ../version.c:4053 #: ../version.c:4055
msgid " with OLE support" msgid " with OLE support"
msgstr "" msgstr ""
#: ../version.c:4058
msgid ""
"\n"
"MS-Windows ARM64 console version"
msgstr ""
#: ../version.c:4060 #: ../version.c:4060
msgid "" msgid ""
"\n" "\n"
"MS-Windows ARM64 console version"
msgstr ""
#: ../version.c:4062
msgid ""
"\n"
"MS-Windows 64-bit console version" "MS-Windows 64-bit console version"
msgstr "" msgstr ""
#: ../version.c:4063 #: ../version.c:4065
msgid "" msgid ""
"\n" "\n"
"MS-Windows 32-bit console version" "MS-Windows 32-bit console version"
msgstr "" msgstr ""
#: ../version.c:4069 #: ../version.c:4071
msgid "" msgid ""
"\n" "\n"
"macOS version" "macOS version"
msgstr "" msgstr ""
#: ../version.c:4071 #: ../version.c:4073
msgid "" msgid ""
"\n" "\n"
"macOS version w/o darwin feat." "macOS version w/o darwin feat."
msgstr "" msgstr ""
#: ../version.c:4081 #: ../version.c:4083
msgid "" msgid ""
"\n" "\n"
"OpenVMS version" "OpenVMS version"
msgstr "" msgstr ""
#: ../version.c:4096 #: ../version.c:4098
msgid "" msgid ""
"\n" "\n"
"Included patches: " "Included patches: "
msgstr "" msgstr ""
#: ../version.c:4121 #: ../version.c:4123
msgid "" msgid ""
"\n" "\n"
"Extra patches: " "Extra patches: "
msgstr "" msgstr ""
#: ../version.c:4133 ../version.c:4444 #: ../version.c:4135 ../version.c:4446
msgid "Modified by " msgid "Modified by "
msgstr "" msgstr ""
#: ../version.c:4140 #: ../version.c:4142
msgid "" msgid ""
"\n" "\n"
"Compiled " "Compiled "
msgstr "" msgstr ""
#: ../version.c:4143 #: ../version.c:4145
msgid "by " msgid "by "
msgstr "" msgstr ""
#: ../version.c:4155
msgid ""
"\n"
"Huge version "
msgstr ""
#: ../version.c:4157 #: ../version.c:4157
msgid "" msgid ""
"\n" "\n"
"Normal version " "Huge version "
msgstr "" msgstr ""
#: ../version.c:4159 #: ../version.c:4159
msgid "" msgid ""
"\n" "\n"
"Normal version "
msgstr ""
#: ../version.c:4161
msgid ""
"\n"
"Tiny version " "Tiny version "
msgstr "" msgstr ""
#: ../version.c:4162 #: ../version.c:4164
msgid "without GUI." msgid "without GUI."
msgstr "" msgstr ""
#: ../version.c:4165 #: ../version.c:4167
msgid "with GTK3 GUI." msgid "with GTK3 GUI."
msgstr "" msgstr ""
#: ../version.c:4167 #: ../version.c:4169
msgid "with GTK2-GNOME GUI." msgid "with GTK2-GNOME GUI."
msgstr "" msgstr ""
#: ../version.c:4169 #: ../version.c:4171
msgid "with GTK2 GUI." msgid "with GTK2 GUI."
msgstr "" msgstr ""
#: ../version.c:4172 #: ../version.c:4174
msgid "with X11-Motif GUI." msgid "with X11-Motif GUI."
msgstr "" msgstr ""
#: ../version.c:4174 #: ../version.c:4176
msgid "with Haiku GUI." msgid "with Haiku GUI."
msgstr "" msgstr ""
#: ../version.c:4176 #: ../version.c:4178
msgid "with Photon GUI." msgid "with Photon GUI."
msgstr "" msgstr ""
#: ../version.c:4178 #: ../version.c:4180
msgid "with GUI." msgid "with GUI."
msgstr "" msgstr ""
#: ../version.c:4180 #: ../version.c:4182
msgid " Features included (+) or not (-):\n" msgid " Features included (+) or not (-):\n"
msgstr "" msgstr ""
#: ../version.c:4187 #: ../version.c:4189
msgid " system vimrc file: \"" msgid " system vimrc file: \""
msgstr "" msgstr ""
#: ../version.c:4192 #: ../version.c:4194
msgid " user vimrc file: \"" msgid " user vimrc file: \""
msgstr "" msgstr ""
#: ../version.c:4197 #: ../version.c:4199
msgid " 2nd user vimrc file: \"" msgid " 2nd user vimrc file: \""
msgstr "" msgstr ""
#: ../version.c:4202 ../version.c:4209 ../version.c:4213 #: ../version.c:4204 ../version.c:4211 ../version.c:4215
msgid " 3rd user vimrc file: \"" msgid " 3rd user vimrc file: \""
msgstr "" msgstr ""
#: ../version.c:4205 #: ../version.c:4207
msgid " 4th user vimrc file: \"" msgid " 4th user vimrc file: \""
msgstr "" msgstr ""
#: ../version.c:4218 #: ../version.c:4220
msgid " user exrc file: \"" msgid " user exrc file: \""
msgstr "" msgstr ""
#: ../version.c:4223 #: ../version.c:4225
msgid " 2nd user exrc file: \"" msgid " 2nd user exrc file: \""
msgstr "" msgstr ""
#: ../version.c:4229 #: ../version.c:4231
msgid " system gvimrc file: \"" msgid " system gvimrc file: \""
msgstr "" msgstr ""
#: ../version.c:4233 #: ../version.c:4235
msgid " user gvimrc file: \"" msgid " user gvimrc file: \""
msgstr "" msgstr ""
#: ../version.c:4237 #: ../version.c:4239
msgid "2nd user gvimrc file: \"" msgid "2nd user gvimrc file: \""
msgstr "" msgstr ""
#: ../version.c:4242 #: ../version.c:4244
msgid "3rd user gvimrc file: \"" msgid "3rd user gvimrc file: \""
msgstr "" msgstr ""
#: ../version.c:4247 #: ../version.c:4249
msgid " defaults file: \"" msgid " defaults file: \""
msgstr "" msgstr ""
#: ../version.c:4252 #: ../version.c:4254
msgid " system menu file: \"" msgid " system menu file: \""
msgstr "" msgstr ""
#: ../version.c:4260 #: ../version.c:4262
msgid " fall-back for $VIM: \"" msgid " fall-back for $VIM: \""
msgstr "" msgstr ""
#: ../version.c:4266 #: ../version.c:4268
msgid " f-b for $VIMRUNTIME: \"" msgid " f-b for $VIMRUNTIME: \""
msgstr "" msgstr ""
#: ../version.c:4270 #: ../version.c:4272
msgid "Compilation: " msgid "Compilation: "
msgstr "" msgstr ""
#: ../version.c:4276 #: ../version.c:4278
msgid "Compiler: " msgid "Compiler: "
msgstr "" msgstr ""
#: ../version.c:4281 #: ../version.c:4283
msgid "Linking: " msgid "Linking: "
msgstr "" msgstr ""
#: ../version.c:4286 #: ../version.c:4288
msgid " DEBUG BUILD" msgid " DEBUG BUILD"
msgstr "" msgstr ""
#: ../version.c:4322 #: ../version.c:4324
msgid "VIM - Vi IMproved" msgid "VIM - Vi IMproved"
msgstr "" msgstr ""
#: ../version.c:4324 #: ../version.c:4326
msgid "version " msgid "version "
msgstr "" msgstr ""
#: ../version.c:4325 #: ../version.c:4327
msgid "by Bram Moolenaar et al." msgid "by Bram Moolenaar et al."
msgstr "" msgstr ""
#: ../version.c:4329 #: ../version.c:4331
msgid "Vim is open source and freely distributable" msgid "Vim is open source and freely distributable"
msgstr "" msgstr ""
#: ../version.c:4331 #: ../version.c:4333
msgid "Help poor children in Uganda!" msgid "Help poor children in Uganda!"
msgstr "" msgstr ""
#: ../version.c:4332 #: ../version.c:4334
msgid "type :help iccf<Enter> for information " msgid "type :help iccf<Enter> for information "
msgstr "" msgstr ""
#: ../version.c:4334 #: ../version.c:4336
msgid "type :q<Enter> to exit " msgid "type :q<Enter> to exit "
msgstr "" msgstr ""
#: ../version.c:4335 #: ../version.c:4337
msgid "type :help<Enter> or <F1> for on-line help" msgid "type :help<Enter> or <F1> for on-line help"
msgstr "" msgstr ""
#: ../version.c:4336 #: ../version.c:4338
msgid "type :help version9<Enter> for version info" msgid "type :help version9<Enter> for version info"
msgstr "" msgstr ""
#: ../version.c:4339 #: ../version.c:4341
msgid "Running in Vi compatible mode" msgid "Running in Vi compatible mode"
msgstr "" msgstr ""
#: ../version.c:4340 #: ../version.c:4342
msgid "type :set nocp<Enter> for Vim defaults" msgid "type :set nocp<Enter> for Vim defaults"
msgstr "" msgstr ""
#: ../version.c:4341 #: ../version.c:4343
msgid "type :help cp-default<Enter> for info on this" msgid "type :help cp-default<Enter> for info on this"
msgstr "" msgstr ""
#: ../version.c:4356 #: ../version.c:4358
msgid "menu Help->Orphans for information " msgid "menu Help->Orphans for information "
msgstr "" msgstr ""
#: ../version.c:4358 #: ../version.c:4360
msgid "Running modeless, typed text is inserted" msgid "Running modeless, typed text is inserted"
msgstr "" msgstr ""
#: ../version.c:4359 #: ../version.c:4361
msgid "menu Edit->Global Settings->Toggle Insert Mode " msgid "menu Edit->Global Settings->Toggle Insert Mode "
msgstr "" msgstr ""
#: ../version.c:4360 #: ../version.c:4362
msgid " for two modes " msgid " for two modes "
msgstr "" msgstr ""
#: ../version.c:4364 #: ../version.c:4366
msgid "menu Edit->Global Settings->Toggle Vi Compatible" msgid "menu Edit->Global Settings->Toggle Vi Compatible"
msgstr "" msgstr ""
#: ../version.c:4365 #: ../version.c:4367
msgid " for Vim defaults " msgid " for Vim defaults "
msgstr "" msgstr ""
#: ../version.c:4406 #: ../version.c:4408
msgid "Sponsor Vim development!" msgid "Sponsor Vim development!"
msgstr "" msgstr ""
#: ../version.c:4407 #: ../version.c:4409
msgid "Become a registered Vim user!" msgid "Become a registered Vim user!"
msgstr "" msgstr ""
#: ../version.c:4410 #: ../version.c:4412
msgid "type :help sponsor<Enter> for information " msgid "type :help sponsor<Enter> for information "
msgstr "" msgstr ""
#: ../version.c:4411 #: ../version.c:4413
msgid "type :help register<Enter> for information " msgid "type :help register<Enter> for information "
msgstr "" msgstr ""
#: ../version.c:4413 #: ../version.c:4415
msgid "menu Help->Sponsor/Register for information " msgid "menu Help->Sponsor/Register for information "
msgstr "" msgstr ""

BIN
src/testdir/samples/evil.zip Normal file
View File

Binary file not shown.

56
src/testdir/test_plugin_zip.vim
View File

@ -1,21 +1,23 @@
vim9script
CheckExecutable unzip CheckExecutable unzip
if 0 " Find uncovered line if 0 # Find uncovered line
profile start zip_profile profile start zip_profile
profile! file */zip*.vim profile! file */zip*.vim
endif endif
runtime plugin/zipPlugin.vim runtime plugin/zipPlugin.vim
def Test_zip_basic() def CopyZipFile(source: string)
if !filecopy($"samples/{source}", "X.zip")
### get our zip file assert_report($"Can't copy samples/{source}.zip")
if !filecopy("samples/test.zip", "X.zip")
assert_report("Can't copy samples/test.zip")
return
endif endif
defer delete("X.zip") enddef
def g:Test_zip_basic()
CopyZipFile("test.zip")
defer delete("X.zip")
e X.zip e X.zip
### Check header ### Check header
@ -136,15 +138,11 @@ def Test_zip_basic()
bw bw
enddef enddef
def Test_zip_glob_fname() def g:Test_zip_glob_fname()
CheckNotMSWindows CheckNotMSWindows
# does not work on Windows, why? # does not work on Windows, why?
### copy sample zip file CopyZipFile("testa.zip")
if !filecopy("samples/testa.zip", "X.zip")
assert_report("Can't copy samples/testa.zip")
return
endif
defer delete("X.zip") defer delete("X.zip")
defer delete('zipglob', 'rf') defer delete('zipglob', 'rf')
@ -234,14 +232,11 @@ def Test_zip_glob_fname()
bw bw
enddef enddef
def Test_zip_fname_leading_hyphen() def g:Test_zip_fname_leading_hyphen()
CheckNotMSWindows CheckNotMSWindows
### copy sample zip file ### copy sample zip file
if !filecopy("samples/poc.zip", "X.zip") CopyZipFile("poc.zip")
assert_report("Can't copy samples/poc.zip")
return
endif
defer delete("X.zip") defer delete("X.zip")
defer delete('-d', 'rf') defer delete('-d', 'rf')
defer delete('/tmp/pwned', 'rf') defer delete('/tmp/pwned', 'rf')
@ -256,3 +251,26 @@ def Test_zip_fname_leading_hyphen()
assert_false(filereadable('/tmp/pwned')) assert_false(filereadable('/tmp/pwned'))
bw bw
enddef enddef
def g:Test_zip_fname_evil_path()
CheckNotMSWindows
# needed for writing the zip file
CheckExecutable zip
CopyZipFile("evil.zip")
defer delete("X.zip")
e X.zip
:1
var fname = 'pwn'
search('\V' .. fname)
normal x
assert_false(filereadable('/etc/ax-pwn'))
var mess = execute(':mess')
assert_match('Path Traversal Attack', mess)
exe ":normal \<cr>"
:w
assert_match('zipfile://.*::etc/ax-pwn', @%)
bw
enddef

2
src/version.c
View File

@ -719,6 +719,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1551,
/**/ /**/
1550, 1550,
/**/ /**/