patch 9.1.1551: [security]: path traversal issue in zip.vim
Problem:  [security]: path traversal issue in zip.vim (@ax)
Solution: drop leading ../ on write of zipfiles, don't forcefully
          overwrite existing files
A zip plugin which contains filenames with leading '../'  may cause
confusion as to where the content will be extracted.  Let's drop such
things and make sure we use a relative filename instead and don't
forcefully overwrite temporary files. Also, warn the user of such
things.
related: #17733
Signed-off-by: Christian Brabandt <cb@256bit.org>
			
			
This commit is contained in:
		
							
								
								
									
										1
									
								
								Filelist
									
									
									
									
									
								
							
							
						
						
									
										1
									
								
								Filelist
									
									
									
									
									
								
							| @ -212,6 +212,7 @@ SRC_ALL =	\ | |||||||
| 		src/testdir/samples/*.html \ | 		src/testdir/samples/*.html \ | ||||||
| 		src/testdir/samples/*.txt \ | 		src/testdir/samples/*.txt \ | ||||||
| 		src/testdir/samples/*.vim \ | 		src/testdir/samples/*.vim \ | ||||||
|  | 		src/testdir/samples/evil.zip \ | ||||||
| 		src/testdir/samples/poc.zip \ | 		src/testdir/samples/poc.zip \ | ||||||
| 		src/testdir/samples/test.zip \ | 		src/testdir/samples/test.zip \ | ||||||
| 		src/testdir/samples/test000 \ | 		src/testdir/samples/test000 \ | ||||||
|  | |||||||
| @ -15,6 +15,7 @@ | |||||||
| " 2024 Aug 18 by Vim Project: correctly handle special globbing chars | " 2024 Aug 18 by Vim Project: correctly handle special globbing chars | ||||||
| " 2024 Aug 21 by Vim Project: simplify condition to detect MS-Windows | " 2024 Aug 21 by Vim Project: simplify condition to detect MS-Windows | ||||||
| " 2025 Mar 11 by Vim Project: handle filenames with leading '-' correctly | " 2025 Mar 11 by Vim Project: handle filenames with leading '-' correctly | ||||||
|  | " 2025 Jul 12 by Vim Project: drop ../ on write to prevent path traversal attacks | ||||||
| " License:	Vim License  (see vim's :help license) | " License:	Vim License  (see vim's :help license) | ||||||
| " Copyright:	Copyright (C) 2005-2019 Charles E. Campbell {{{1 | " Copyright:	Copyright (C) 2005-2019 Charles E. Campbell {{{1 | ||||||
| "		Permission is hereby granted to use and distribute this code, | "		Permission is hereby granted to use and distribute this code, | ||||||
| @ -236,59 +237,62 @@ endfun | |||||||
| " zip#Write: {{{2 | " zip#Write: {{{2 | ||||||
| fun! zip#Write(fname) | fun! zip#Write(fname) | ||||||
|   let dict = s:SetSaneOpts() |   let dict = s:SetSaneOpts() | ||||||
|  |   let need_rename = 0 | ||||||
|   defer s:RestoreOpts(dict) |   defer s:RestoreOpts(dict) | ||||||
|  |  | ||||||
|   " sanity checks |   " sanity checks | ||||||
|   if !executable(substitute(g:zip_zipcmd,'\s\+.*$','','')) |   if !executable(substitute(g:zip_zipcmd,'\s\+.*$','','')) | ||||||
|    call s:Mess('Error', "***error*** (zip#Write) sorry, your system doesn't appear to have the ".g:zip_zipcmd." program") |     call s:Mess('Error', "***error*** (zip#Write) sorry, your system doesn't appear to have the ".g:zip_zipcmd." program") | ||||||
|    return |     return | ||||||
|   endif |  | ||||||
|   if !exists("*mkdir") |  | ||||||
|    call s:Mess('Error', "***error*** (zip#Write) sorry, mkdir() doesn't work on your system") |  | ||||||
|    return |  | ||||||
|   endif |   endif | ||||||
|  |  | ||||||
|   let curdir= getcwd() |   let curdir= getcwd() | ||||||
|   let tmpdir= tempname() |   let tmpdir= tempname() | ||||||
|   if tmpdir =~ '\.' |   if tmpdir =~ '\.' | ||||||
|    let tmpdir= substitute(tmpdir,'\.[^.]*$','','e') |     let tmpdir= substitute(tmpdir,'\.[^.]*$','','e') | ||||||
|   endif |   endif | ||||||
|   call mkdir(tmpdir,"p") |   call mkdir(tmpdir,"p") | ||||||
|  |  | ||||||
|   " attempt to change to the indicated directory |   " attempt to change to the indicated directory | ||||||
|   if s:ChgDir(tmpdir,s:ERROR,"(zip#Write) cannot cd to temporary directory") |   if s:ChgDir(tmpdir,s:ERROR,"(zip#Write) cannot cd to temporary directory") | ||||||
|    return |     return | ||||||
|   endif |   endif | ||||||
|  |  | ||||||
|   " place temporary files under .../_ZIPVIM_/ |   " place temporary files under .../_ZIPVIM_/ | ||||||
|   if isdirectory("_ZIPVIM_") |   if isdirectory("_ZIPVIM_") | ||||||
|    call delete("_ZIPVIM_", "rf") |     call delete("_ZIPVIM_", "rf") | ||||||
|   endif |   endif | ||||||
|   call mkdir("_ZIPVIM_") |   call mkdir("_ZIPVIM_") | ||||||
|   cd _ZIPVIM_ |   cd _ZIPVIM_ | ||||||
|  |  | ||||||
|   if has("unix") |   if has("unix") | ||||||
|    let zipfile = substitute(a:fname,'zipfile://\(.\{-}\)::[^\\].*$','\1','') |     let zipfile = substitute(a:fname,'zipfile://\(.\{-}\)::[^\\].*$','\1','') | ||||||
|    let fname   = substitute(a:fname,'zipfile://.\{-}::\([^\\].*\)$','\1','') |     let fname   = substitute(a:fname,'zipfile://.\{-}::\([^\\].*\)$','\1','') | ||||||
|   else |   else | ||||||
|    let zipfile = substitute(a:fname,'^.\{-}zipfile://\(.\{-}\)::[^\\].*$','\1','') |     let zipfile = substitute(a:fname,'^.\{-}zipfile://\(.\{-}\)::[^\\].*$','\1','') | ||||||
|    let fname   = substitute(a:fname,'^.\{-}zipfile://.\{-}::\([^\\].*\)$','\1','') |     let fname   = substitute(a:fname,'^.\{-}zipfile://.\{-}::\([^\\].*\)$','\1','') | ||||||
|  |   endif | ||||||
|  |   if fname =~ '^[.]\{1,2}/' | ||||||
|  |     call system(g:zip_zipcmd." -d ".s:Escape(fnamemodify(zipfile,":p"),0)." ".s:Escape(fname,0)) | ||||||
|  |     let fname = fname->substitute('^\([.]\{1,2}/\)\+', '', 'g') | ||||||
|  |     let need_rename = 1 | ||||||
|   endif |   endif | ||||||
|  |  | ||||||
|   if fname =~ '/' |   if fname =~ '/' | ||||||
|    let dirpath = substitute(fname,'/[^/]\+$','','e') |     let dirpath = substitute(fname,'/[^/]\+$','','e') | ||||||
|    if has("win32unix") && executable("cygpath") |     if has("win32unix") && executable("cygpath") | ||||||
|     let dirpath = substitute(system("cygpath ".s:Escape(dirpath,0)),'\n','','e') |     let dirpath = substitute(system("cygpath ".s:Escape(dirpath,0)),'\n','','e') | ||||||
|    endif |     endif | ||||||
|    call mkdir(dirpath,"p") |     call mkdir(dirpath,"p") | ||||||
|   endif |   endif | ||||||
|   if zipfile !~ '/' |   if zipfile !~ '/' | ||||||
|    let zipfile= curdir.'/'.zipfile |     let zipfile= curdir.'/'.zipfile | ||||||
|   endif |   endif | ||||||
|  |  | ||||||
|   exe "w! ".fnameescape(fname) |   " don't overwrite files forcefully | ||||||
|  |   exe "w ".fnameescape(fname) | ||||||
|   if has("win32unix") && executable("cygpath") |   if has("win32unix") && executable("cygpath") | ||||||
|    let zipfile = substitute(system("cygpath ".s:Escape(zipfile,0)),'\n','','e') |     let zipfile = substitute(system("cygpath ".s:Escape(zipfile,0)),'\n','','e') | ||||||
|   endif |   endif | ||||||
|  |  | ||||||
|   if (has("win32") || has("win95") || has("win64") || has("win16")) && &shell !~? 'sh$' |   if (has("win32") || has("win95") || has("win64") || has("win16")) && &shell !~? 'sh$' | ||||||
| @ -297,21 +301,24 @@ fun! zip#Write(fname) | |||||||
|  |  | ||||||
|   call system(g:zip_zipcmd." -u ".s:Escape(fnamemodify(zipfile,":p"),0)." ".s:Escape(fname,0)) |   call system(g:zip_zipcmd." -u ".s:Escape(fnamemodify(zipfile,":p"),0)." ".s:Escape(fname,0)) | ||||||
|   if v:shell_error != 0 |   if v:shell_error != 0 | ||||||
|    call s:Mess('Error', "***error*** (zip#Write) sorry, unable to update ".zipfile." with ".fname) |     call s:Mess('Error', "***error*** (zip#Write) sorry, unable to update ".zipfile." with ".fname) | ||||||
|  |  | ||||||
|   elseif s:zipfile_{winnr()} =~ '^\a\+://' |   elseif s:zipfile_{winnr()} =~ '^\a\+://' | ||||||
|    " support writing zipfiles across a network |     " support writing zipfiles across a network | ||||||
|    let netzipfile= s:zipfile_{winnr()} |     let netzipfile= s:zipfile_{winnr()} | ||||||
|    1split|enew |     1split|enew | ||||||
|    let binkeep= &binary |     let binkeep= &binary | ||||||
|    let eikeep = &ei |     let eikeep = &ei | ||||||
|    set binary ei=all |     set binary ei=all | ||||||
|    exe "noswapfile e! ".fnameescape(zipfile) |     exe "noswapfile e! ".fnameescape(zipfile) | ||||||
|    call netrw#NetWrite(netzipfile) |     call netrw#NetWrite(netzipfile) | ||||||
|    let &ei     = eikeep |     let &ei     = eikeep | ||||||
|    let &binary = binkeep |     let &binary = binkeep | ||||||
|    q! |     q! | ||||||
|    unlet s:zipfile_{winnr()} |     unlet s:zipfile_{winnr()} | ||||||
|  |   elseif need_rename | ||||||
|  |     exe $"sil keepalt file {fnameescape($"zipfile://{zipfile}::{fname}")}" | ||||||
|  |     call s:Mess('Warning', "***error*** (zip#Browse) Path Traversal Attack detected, dropping relative path") | ||||||
|   endif |   endif | ||||||
|  |  | ||||||
|   " cleanup and restore current directory |   " cleanup and restore current directory | ||||||
| @ -320,7 +327,6 @@ fun! zip#Write(fname) | |||||||
|   call s:ChgDir(curdir,s:WARNING,"(zip#Write) unable to return to ".curdir."!") |   call s:ChgDir(curdir,s:WARNING,"(zip#Write) unable to return to ".curdir."!") | ||||||
|   call delete(tmpdir, "rf") |   call delete(tmpdir, "rf") | ||||||
|   setlocal nomod |   setlocal nomod | ||||||
|  |  | ||||||
| endfun | endfun | ||||||
|  |  | ||||||
| " --------------------------------------------------------------------- | " --------------------------------------------------------------------- | ||||||
| @ -333,15 +339,18 @@ fun! zip#Extract() | |||||||
|  |  | ||||||
|   " sanity check |   " sanity check | ||||||
|   if fname =~ '^"' |   if fname =~ '^"' | ||||||
|    return |     return | ||||||
|   endif |   endif | ||||||
|   if fname =~ '/$' |   if fname =~ '/$' | ||||||
|    call s:Mess('Error', "***error*** (zip#Extract) Please specify a file, not a directory") |     call s:Mess('Error', "***error*** (zip#Extract) Please specify a file, not a directory") | ||||||
|    return |     return | ||||||
|  |   elseif fname =~ '^[.]\?[.]/' | ||||||
|  |     call s:Mess('Error', "***error*** (zip#Browse) Path Traversal Attack detected, not extracting!") | ||||||
|  |     return | ||||||
|   endif |   endif | ||||||
|   if filereadable(fname) |   if filereadable(fname) | ||||||
|    call s:Mess('Error', "***error*** (zip#Extract) <" .. fname .."> already exists in directory, not overwriting!") |     call s:Mess('Error', "***error*** (zip#Extract) <" .. fname .."> already exists in directory, not overwriting!") | ||||||
|    return |     return | ||||||
|   endif |   endif | ||||||
|   let target = fname->substitute('\[', '[[]', 'g') |   let target = fname->substitute('\[', '[[]', 'g') | ||||||
|   " unzip 6.0 does not support -- to denote end-of-arguments |   " unzip 6.0 does not support -- to denote end-of-arguments | ||||||
| @ -363,13 +372,12 @@ fun! zip#Extract() | |||||||
|   " extract the file mentioned under the cursor |   " extract the file mentioned under the cursor | ||||||
|   call system($"{g:zip_extractcmd} -o {shellescape(b:zipfile)} {target}") |   call system($"{g:zip_extractcmd} -o {shellescape(b:zipfile)} {target}") | ||||||
|   if v:shell_error != 0 |   if v:shell_error != 0 | ||||||
|    call s:Mess('Error', "***error*** ".g:zip_extractcmd." ".b:zipfile." ".fname.": failed!") |     call s:Mess('Error', "***error*** ".g:zip_extractcmd." ".b:zipfile." ".fname.": failed!") | ||||||
|   elseif !filereadable(fname) |   elseif !filereadable(fname) | ||||||
|    call s:Mess('Error', "***error*** attempted to extract ".fname." but it doesn't appear to be present!") |     call s:Mess('Error', "***error*** attempted to extract ".fname." but it doesn't appear to be present!") | ||||||
|   else |   else | ||||||
|    echomsg "***note*** successfully extracted ".fname |     echomsg "***note*** successfully extracted ".fname | ||||||
|   endif |   endif | ||||||
|  |  | ||||||
| endfun | endfun | ||||||
|  |  | ||||||
| " --------------------------------------------------------------------- | " --------------------------------------------------------------------- | ||||||
|  | |||||||
| @ -1,4 +1,4 @@ | |||||||
| *pi_zip.txt*	For Vim version 9.1.  Last change: 2025 Apr 02 | *pi_zip.txt*	For Vim version 9.1.  Last change: 2025 Jul 15 | ||||||
|  |  | ||||||
| 				+====================+ | 				+====================+ | ||||||
| 				| Zip File Interface | | 				| Zip File Interface | | ||||||
| @ -111,6 +111,18 @@ Copyright: Copyright (C) 2005-2015 Charles E Campbell	 *zip-copyright* | |||||||
|  |  | ||||||
| ============================================================================== | ============================================================================== | ||||||
| 4. History							*zip-history* {{{1 | 4. History							*zip-history* {{{1 | ||||||
|  |    unreleased: | ||||||
|  |        Jul 12, 2025 * drop ../ on write to prevent path traversal attacks | ||||||
|  |        Mar 11, 2025 * handle filenames with leading '-' correctly | ||||||
|  |        Aug 21, 2024 * simplify condition to detect MS-Windows | ||||||
|  |        Aug 18, 2024 * correctly handle special globbing chars | ||||||
|  |        Aug 05, 2024 * clean-up and make it work with shellslash on Windows | ||||||
|  |        Aug 05, 2024 * workaround for the FreeBSD's unzip | ||||||
|  |        Aug 04, 2024 * escape '[' in name of file to be extracted | ||||||
|  |        Jul 30, 2024 * fix opening remote zipfile | ||||||
|  |        Jul 24, 2024 * use delete() function | ||||||
|  |        Jul 23, 2024 * fix 'x' command | ||||||
|  |        Jun 16, 2024 * handle whitespace on Windows properly (#14998) | ||||||
|    v33 Dec 07, 2021 * *.xlam mentioned twice in zipPlugin |    v33 Dec 07, 2021 * *.xlam mentioned twice in zipPlugin | ||||||
|    v32 Oct 22, 2021 * to avoid an issue with a vim 8.2 patch, zipfile: has |    v32 Oct 22, 2021 * to avoid an issue with a vim 8.2 patch, zipfile: has | ||||||
| 		      been changed to zipfile:// . This often shows up | 		      been changed to zipfile:// . This often shows up | ||||||
|  | |||||||
							
								
								
									
										162
									
								
								src/po/vim.pot
									
									
									
									
									
								
							
							
						
						
									
										162
									
								
								src/po/vim.pot
									
									
									
									
									
								
							| @ -8,7 +8,7 @@ msgid "" | |||||||
| msgstr "" | msgstr "" | ||||||
| "Project-Id-Version: PACKAGE VERSION\n" | "Project-Id-Version: PACKAGE VERSION\n" | ||||||
| "Report-Msgid-Bugs-To: \n" | "Report-Msgid-Bugs-To: \n" | ||||||
| "POT-Creation-Date: 2025-07-15 21:26+0200\n" | "POT-Creation-Date: 2025-07-15 21:42+0200\n" | ||||||
| "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" | ||||||
| "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | ||||||
| "Language-Team: LANGUAGE <LL@li.org>\n" | "Language-Team: LANGUAGE <LL@li.org>\n" | ||||||
| @ -4257,327 +4257,327 @@ msgstr "" | |||||||
| msgid "%s (%s, compiled %s)" | msgid "%s (%s, compiled %s)" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4034 | #: ../version.c:4036 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "MS-Windows ARM64 GUI/console version" | "MS-Windows ARM64 GUI/console version" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4036 | #: ../version.c:4038 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "MS-Windows 64-bit GUI/console version" | "MS-Windows 64-bit GUI/console version" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4039 | #: ../version.c:4041 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "MS-Windows 32-bit GUI/console version" | "MS-Windows 32-bit GUI/console version" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4044 | #: ../version.c:4046 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "MS-Windows ARM64 GUI version" | "MS-Windows ARM64 GUI version" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4046 | #: ../version.c:4048 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "MS-Windows 64-bit GUI version" | "MS-Windows 64-bit GUI version" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4049 | #: ../version.c:4051 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "MS-Windows 32-bit GUI version" | "MS-Windows 32-bit GUI version" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4053 | #: ../version.c:4055 | ||||||
| msgid " with OLE support" | msgid " with OLE support" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4058 |  | ||||||
| msgid "" |  | ||||||
| "\n" |  | ||||||
| "MS-Windows ARM64 console version" |  | ||||||
| msgstr "" |  | ||||||
|  |  | ||||||
| #: ../version.c:4060 | #: ../version.c:4060 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
|  | "MS-Windows ARM64 console version" | ||||||
|  | msgstr "" | ||||||
|  |  | ||||||
|  | #: ../version.c:4062 | ||||||
|  | msgid "" | ||||||
|  | "\n" | ||||||
| "MS-Windows 64-bit console version" | "MS-Windows 64-bit console version" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4063 | #: ../version.c:4065 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "MS-Windows 32-bit console version" | "MS-Windows 32-bit console version" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4069 | #: ../version.c:4071 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "macOS version" | "macOS version" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4071 | #: ../version.c:4073 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "macOS version w/o darwin feat." | "macOS version w/o darwin feat." | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4081 | #: ../version.c:4083 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "OpenVMS version" | "OpenVMS version" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4096 | #: ../version.c:4098 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "Included patches: " | "Included patches: " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4121 | #: ../version.c:4123 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "Extra patches: " | "Extra patches: " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4133 ../version.c:4444 | #: ../version.c:4135 ../version.c:4446 | ||||||
| msgid "Modified by " | msgid "Modified by " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4140 | #: ../version.c:4142 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "Compiled " | "Compiled " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4143 | #: ../version.c:4145 | ||||||
| msgid "by " | msgid "by " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4155 |  | ||||||
| msgid "" |  | ||||||
| "\n" |  | ||||||
| "Huge version " |  | ||||||
| msgstr "" |  | ||||||
|  |  | ||||||
| #: ../version.c:4157 | #: ../version.c:4157 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
| "Normal version " | "Huge version " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4159 | #: ../version.c:4159 | ||||||
| msgid "" | msgid "" | ||||||
| "\n" | "\n" | ||||||
|  | "Normal version " | ||||||
|  | msgstr "" | ||||||
|  |  | ||||||
|  | #: ../version.c:4161 | ||||||
|  | msgid "" | ||||||
|  | "\n" | ||||||
| "Tiny version " | "Tiny version " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4162 | #: ../version.c:4164 | ||||||
| msgid "without GUI." | msgid "without GUI." | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4165 | #: ../version.c:4167 | ||||||
| msgid "with GTK3 GUI." | msgid "with GTK3 GUI." | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4167 | #: ../version.c:4169 | ||||||
| msgid "with GTK2-GNOME GUI." | msgid "with GTK2-GNOME GUI." | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4169 | #: ../version.c:4171 | ||||||
| msgid "with GTK2 GUI." | msgid "with GTK2 GUI." | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4172 | #: ../version.c:4174 | ||||||
| msgid "with X11-Motif GUI." | msgid "with X11-Motif GUI." | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4174 | #: ../version.c:4176 | ||||||
| msgid "with Haiku GUI." | msgid "with Haiku GUI." | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4176 | #: ../version.c:4178 | ||||||
| msgid "with Photon GUI." | msgid "with Photon GUI." | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4178 | #: ../version.c:4180 | ||||||
| msgid "with GUI." | msgid "with GUI." | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4180 | #: ../version.c:4182 | ||||||
| msgid "  Features included (+) or not (-):\n" | msgid "  Features included (+) or not (-):\n" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4187 | #: ../version.c:4189 | ||||||
| msgid "   system vimrc file: \"" | msgid "   system vimrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4192 | #: ../version.c:4194 | ||||||
| msgid "     user vimrc file: \"" | msgid "     user vimrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4197 | #: ../version.c:4199 | ||||||
| msgid " 2nd user vimrc file: \"" | msgid " 2nd user vimrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4202 ../version.c:4209 ../version.c:4213 | #: ../version.c:4204 ../version.c:4211 ../version.c:4215 | ||||||
| msgid " 3rd user vimrc file: \"" | msgid " 3rd user vimrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4205 | #: ../version.c:4207 | ||||||
| msgid " 4th user vimrc file: \"" | msgid " 4th user vimrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4218 | #: ../version.c:4220 | ||||||
| msgid "      user exrc file: \"" | msgid "      user exrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4223 | #: ../version.c:4225 | ||||||
| msgid "  2nd user exrc file: \"" | msgid "  2nd user exrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4229 | #: ../version.c:4231 | ||||||
| msgid "  system gvimrc file: \"" | msgid "  system gvimrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4233 | #: ../version.c:4235 | ||||||
| msgid "    user gvimrc file: \"" | msgid "    user gvimrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4237 | #: ../version.c:4239 | ||||||
| msgid "2nd user gvimrc file: \"" | msgid "2nd user gvimrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4242 | #: ../version.c:4244 | ||||||
| msgid "3rd user gvimrc file: \"" | msgid "3rd user gvimrc file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4247 | #: ../version.c:4249 | ||||||
| msgid "       defaults file: \"" | msgid "       defaults file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4252 | #: ../version.c:4254 | ||||||
| msgid "    system menu file: \"" | msgid "    system menu file: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4260 | #: ../version.c:4262 | ||||||
| msgid "  fall-back for $VIM: \"" | msgid "  fall-back for $VIM: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4266 | #: ../version.c:4268 | ||||||
| msgid " f-b for $VIMRUNTIME: \"" | msgid " f-b for $VIMRUNTIME: \"" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4270 | #: ../version.c:4272 | ||||||
| msgid "Compilation: " | msgid "Compilation: " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4276 | #: ../version.c:4278 | ||||||
| msgid "Compiler: " | msgid "Compiler: " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4281 | #: ../version.c:4283 | ||||||
| msgid "Linking: " | msgid "Linking: " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4286 | #: ../version.c:4288 | ||||||
| msgid "  DEBUG BUILD" | msgid "  DEBUG BUILD" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4322 | #: ../version.c:4324 | ||||||
| msgid "VIM - Vi IMproved" | msgid "VIM - Vi IMproved" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4324 | #: ../version.c:4326 | ||||||
| msgid "version " | msgid "version " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4325 | #: ../version.c:4327 | ||||||
| msgid "by Bram Moolenaar et al." | msgid "by Bram Moolenaar et al." | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4329 | #: ../version.c:4331 | ||||||
| msgid "Vim is open source and freely distributable" | msgid "Vim is open source and freely distributable" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4331 | #: ../version.c:4333 | ||||||
| msgid "Help poor children in Uganda!" | msgid "Help poor children in Uganda!" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4332 | #: ../version.c:4334 | ||||||
| msgid "type  :help iccf<Enter>       for information " | msgid "type  :help iccf<Enter>       for information " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4334 | #: ../version.c:4336 | ||||||
| msgid "type  :q<Enter>               to exit         " | msgid "type  :q<Enter>               to exit         " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4335 | #: ../version.c:4337 | ||||||
| msgid "type  :help<Enter>  or  <F1>  for on-line help" | msgid "type  :help<Enter>  or  <F1>  for on-line help" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4336 | #: ../version.c:4338 | ||||||
| msgid "type  :help version9<Enter>   for version info" | msgid "type  :help version9<Enter>   for version info" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4339 | #: ../version.c:4341 | ||||||
| msgid "Running in Vi compatible mode" | msgid "Running in Vi compatible mode" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4340 | #: ../version.c:4342 | ||||||
| msgid "type  :set nocp<Enter>        for Vim defaults" | msgid "type  :set nocp<Enter>        for Vim defaults" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4341 | #: ../version.c:4343 | ||||||
| msgid "type  :help cp-default<Enter> for info on this" | msgid "type  :help cp-default<Enter> for info on this" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4356 | #: ../version.c:4358 | ||||||
| msgid "menu  Help->Orphans           for information    " | msgid "menu  Help->Orphans           for information    " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4358 | #: ../version.c:4360 | ||||||
| msgid "Running modeless, typed text is inserted" | msgid "Running modeless, typed text is inserted" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4359 | #: ../version.c:4361 | ||||||
| msgid "menu  Edit->Global Settings->Toggle Insert Mode  " | msgid "menu  Edit->Global Settings->Toggle Insert Mode  " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4360 | #: ../version.c:4362 | ||||||
| msgid "                              for two modes      " | msgid "                              for two modes      " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4364 | #: ../version.c:4366 | ||||||
| msgid "menu  Edit->Global Settings->Toggle Vi Compatible" | msgid "menu  Edit->Global Settings->Toggle Vi Compatible" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4365 | #: ../version.c:4367 | ||||||
| msgid "                              for Vim defaults   " | msgid "                              for Vim defaults   " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4406 | #: ../version.c:4408 | ||||||
| msgid "Sponsor Vim development!" | msgid "Sponsor Vim development!" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4407 | #: ../version.c:4409 | ||||||
| msgid "Become a registered Vim user!" | msgid "Become a registered Vim user!" | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4410 | #: ../version.c:4412 | ||||||
| msgid "type  :help sponsor<Enter>    for information " | msgid "type  :help sponsor<Enter>    for information " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4411 | #: ../version.c:4413 | ||||||
| msgid "type  :help register<Enter>   for information " | msgid "type  :help register<Enter>   for information " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
| #: ../version.c:4413 | #: ../version.c:4415 | ||||||
| msgid "menu  Help->Sponsor/Register  for information    " | msgid "menu  Help->Sponsor/Register  for information    " | ||||||
| msgstr "" | msgstr "" | ||||||
|  |  | ||||||
|  | |||||||
							
								
								
									
										
											BIN
										
									
								
								src/testdir/samples/evil.zip
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								src/testdir/samples/evil.zip
									
									
									
									
									
										Normal file
									
								
							
										
											Binary file not shown.
										
									
								
							| @ -1,21 +1,23 @@ | |||||||
|  | vim9script | ||||||
|  |  | ||||||
| CheckExecutable unzip | CheckExecutable unzip | ||||||
|  |  | ||||||
| if 0 " Find uncovered line | if 0 # Find uncovered line | ||||||
|   profile start zip_profile |   profile start zip_profile | ||||||
|   profile! file */zip*.vim |   profile! file */zip*.vim | ||||||
| endif | endif | ||||||
|  |  | ||||||
| runtime plugin/zipPlugin.vim | runtime plugin/zipPlugin.vim | ||||||
|  |  | ||||||
| def Test_zip_basic() | def CopyZipFile(source: string) | ||||||
|  |   if !filecopy($"samples/{source}", "X.zip") | ||||||
|   ### get our zip file |     assert_report($"Can't copy samples/{source}.zip") | ||||||
|   if !filecopy("samples/test.zip", "X.zip") |  | ||||||
|     assert_report("Can't copy samples/test.zip") |  | ||||||
|     return |  | ||||||
|   endif |   endif | ||||||
|   defer delete("X.zip") | enddef | ||||||
|  |  | ||||||
|  | def g:Test_zip_basic() | ||||||
|  |   CopyZipFile("test.zip") | ||||||
|  |   defer delete("X.zip") | ||||||
|   e X.zip |   e X.zip | ||||||
|  |  | ||||||
|   ### Check header |   ### Check header | ||||||
| @ -136,15 +138,11 @@ def Test_zip_basic() | |||||||
|   bw |   bw | ||||||
| enddef | enddef | ||||||
|  |  | ||||||
| def Test_zip_glob_fname() | def g:Test_zip_glob_fname() | ||||||
|   CheckNotMSWindows |   CheckNotMSWindows | ||||||
|   # does not work on Windows, why? |   # does not work on Windows, why? | ||||||
|  |  | ||||||
|   ### copy sample zip file |   CopyZipFile("testa.zip") | ||||||
|   if !filecopy("samples/testa.zip", "X.zip") |  | ||||||
|     assert_report("Can't copy samples/testa.zip") |  | ||||||
|     return |  | ||||||
|   endif |  | ||||||
|   defer delete("X.zip") |   defer delete("X.zip") | ||||||
|   defer delete('zipglob', 'rf') |   defer delete('zipglob', 'rf') | ||||||
|  |  | ||||||
| @ -234,14 +232,11 @@ def Test_zip_glob_fname() | |||||||
|   bw |   bw | ||||||
| enddef | enddef | ||||||
|  |  | ||||||
| def Test_zip_fname_leading_hyphen() | def g:Test_zip_fname_leading_hyphen() | ||||||
|   CheckNotMSWindows |   CheckNotMSWindows | ||||||
|  |  | ||||||
|   ### copy sample zip file |   ### copy sample zip file | ||||||
|   if !filecopy("samples/poc.zip", "X.zip") |   CopyZipFile("poc.zip") | ||||||
|     assert_report("Can't copy samples/poc.zip") |  | ||||||
|     return |  | ||||||
|   endif |  | ||||||
|   defer delete("X.zip") |   defer delete("X.zip") | ||||||
|   defer delete('-d', 'rf') |   defer delete('-d', 'rf') | ||||||
|   defer delete('/tmp/pwned', 'rf') |   defer delete('/tmp/pwned', 'rf') | ||||||
| @ -256,3 +251,26 @@ def Test_zip_fname_leading_hyphen() | |||||||
|   assert_false(filereadable('/tmp/pwned')) |   assert_false(filereadable('/tmp/pwned')) | ||||||
|   bw |   bw | ||||||
| enddef | enddef | ||||||
|  |  | ||||||
|  | def g:Test_zip_fname_evil_path() | ||||||
|  |   CheckNotMSWindows | ||||||
|  |   # needed for writing the zip file | ||||||
|  |   CheckExecutable zip | ||||||
|  |  | ||||||
|  |   CopyZipFile("evil.zip") | ||||||
|  |   defer delete("X.zip") | ||||||
|  |   e X.zip | ||||||
|  |  | ||||||
|  |   :1 | ||||||
|  |   var fname = 'pwn' | ||||||
|  |   search('\V' .. fname) | ||||||
|  |   normal x | ||||||
|  |   assert_false(filereadable('/etc/ax-pwn')) | ||||||
|  |   var mess  = execute(':mess') | ||||||
|  |   assert_match('Path Traversal Attack', mess) | ||||||
|  |  | ||||||
|  |   exe ":normal \<cr>" | ||||||
|  |   :w | ||||||
|  |   assert_match('zipfile://.*::etc/ax-pwn', @%) | ||||||
|  |   bw | ||||||
|  | enddef | ||||||
|  | |||||||
| @ -719,6 +719,8 @@ static char *(features[]) = | |||||||
|  |  | ||||||
| static int included_patches[] = | static int included_patches[] = | ||||||
| {   /* Add new patch number below this line */ | {   /* Add new patch number below this line */ | ||||||
|  | /**/ | ||||||
|  |     1551, | ||||||
| /**/ | /**/ | ||||||
|     1550, |     1550, | ||||||
| /**/ | /**/ | ||||||
|  | |||||||
		Reference in New Issue
	
	Block a user