Patch 7.4.1777

Bram Moolenaar Fri, 22 Apr 2016 11:48:38 -0700

Patch 7.4.1777
Problem:    Newly added features can escape the sandbox.
Solution:   Add checks for restricted and secure. (Yasuhiro Matsumoto)
Files:      src/eval.c



*** ../vim-7.4.1776/src/eval.c  2016-04-22 10:00:31.888192784 +0200
--- src/eval.c  2016-04-22 20:39:16.676839294 +0200
***************
*** 10408,10413 ****
--- 10408,10415 ----
  f_ch_open(typval_T *argvars, typval_T *rettv)
  {
      rettv->v_type = VAR_CHANNEL;
+     if (check_restricted() || check_secure())
+       return;
      rettv->vval.v_channel = channel_open_func(argvars);
  }
  
***************
*** 15078,15083 ****
--- 15080,15087 ----
  f_job_start(typval_T *argvars, typval_T *rettv)
  {
      rettv->v_type = VAR_JOB;
+     if (check_restricted() || check_secure())
+       return;
      rettv->vval.v_job = job_start(argvars);
  }
  
***************
*** 16821,16828 ****
  #endif
  
  #ifdef FEAT_CLIENTSERVER
- static void remote_common(typval_T *argvars, typval_T *rettv, int expr);
- 
      static void
  remote_common(typval_T *argvars, typval_T *rettv, int expr)
  {
--- 16825,16830 ----
***************
*** 20683,20688 ****
--- 20685,20692 ----
      char_u  *callback;
      dict_T  *dict;
  
+     if (check_secure())
+       return;
      if (argvars[2].v_type != VAR_UNKNOWN)
      {
        if (argvars[2].v_type != VAR_DICT
*** ../vim-7.4.1776/src/version.c       2016-04-22 20:20:13.004866307 +0200
--- src/version.c       2016-04-22 20:36:44.914435404 +0200
***************
*** 755,756 ****
--- 755,758 ----
  {   /* Add new patch number below this line */
+ /**/
+     1777,
  /**/

-- 
ARTHUR:  Bloody peasant!
DENNIS:  Oh, what a give away.  Did you hear that, did you hear that, eh?
         That's what I'm on about -- did you see him repressing me, you saw it
         didn't you?
                                  The Quest for the Holy Grail (Monty Python)

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Patch 7.4.1777

Raspunde prin e-mail lui