[packages/vim.git] / 6.3.082

To: vim-dev@vim.org
Subject: Patch 6.3.082
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------

Patch 6.3.082 (after 6.3.081)
Problem:    Unix: expand() may execute a shell command when it's not wanted.
            (Georgi Guninski)
Solution:   A more generic solution than 6.3.081.
Files:      src/os_unix.c
    

*** ../vim-6.3.081/src/os_unix.c	Tue Jul 19 22:31:54 2005
--- src/os_unix.c	Wed Jul 20 10:54:12 2005
***************
*** 4697,4710 ****
      if (!have_wildcard(num_pat, pat))
  	return save_patterns(num_pat, pat, num_file, file);
  
      /*
       * Don't allow the use of backticks in secure and restricted mode.
       */
!     if (secure || restricted
! # ifdef HAVE_SANDBOX
! 	    || sandbox != 0
! # endif
! 	    )
  	for (i = 0; i < num_pat; ++i)
  	    if (vim_strchr(pat[i], '`') != NULL
  		    && (check_restricted() || check_secure()))
--- 4697,4712 ----
      if (!have_wildcard(num_pat, pat))
  	return save_patterns(num_pat, pat, num_file, file);
  
+ # ifdef HAVE_SANDBOX
+     /* Don't allow any shell command in the sandbox. */
+     if (sandbox != 0 && check_secure())
+ 	return FAIL;
+ # endif
+ 
      /*
       * Don't allow the use of backticks in secure and restricted mode.
       */
!     if (secure || restricted)
  	for (i = 0; i < num_pat; ++i)
  	    if (vim_strchr(pat[i], '`') != NULL
  		    && (check_restricted() || check_secure()))
*** ../vim-6.3.081/src/version.c	Tue Jul 19 22:31:54 2005
--- src/version.c	Wed Jul 20 11:03:50 2005
***************
*** 643,644 ****
--- 643,646 ----
  {   /* Add new patch number below this line */
+ /**/
+     82,
  /**/

-- 
No letters of the alphabet were harmed in the creation of this message.

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\              Project leader for A-A-P -- http://www.A-A-P.org        ///
 \\\     Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html   ///
Commit	Line	Data
63868179 AG	1	To: vim-dev@vim.org
	2	Subject: Patch 6.3.082
	3	Fcc: outbox
	4	From: Bram Moolenaar <Bram@moolenaar.net>
	5	Mime-Version: 1.0
	6	Content-Type: text/plain; charset=ISO-8859-1
	7	Content-Transfer-Encoding: 8bit
	8	------------
	9
	10	Patch 6.3.082 (after 6.3.081)
	11	Problem: Unix: expand() may execute a shell command when it's not wanted.
	12	(Georgi Guninski)
	13	Solution: A more generic solution than 6.3.081.
	14	Files: src/os_unix.c
	15
	16
	17	*** ../vim-6.3.081/src/os_unix.c Tue Jul 19 22:31:54 2005
	18	--- src/os_unix.c Wed Jul 20 10:54:12 2005
	19	***************
	20	* 4697,4710 **
	21	if (!have_wildcard(num_pat, pat))
	22	return save_patterns(num_pat, pat, num_file, file);
	23
	24	/*
	25	* Don't allow the use of backticks in secure and restricted mode.
	26	*/
	27	! if (secure \|\| restricted
	28	! # ifdef HAVE_SANDBOX
	29	! \|\| sandbox != 0
	30	! # endif
	31	! )
	32	for (i = 0; i < num_pat; ++i)
	33	if (vim_strchr(pat[i], '`') != NULL
	34	&& (check_restricted() \|\| check_secure()))
	35	--- 4697,4712 ----
	36	if (!have_wildcard(num_pat, pat))
	37	return save_patterns(num_pat, pat, num_file, file);
	38
	39	+ # ifdef HAVE_SANDBOX
	40	+ /* Don't allow any shell command in the sandbox. */
	41	+ if (sandbox != 0 && check_secure())
	42	+ return FAIL;
	43	+ # endif
	44	+
	45	/*
	46	* Don't allow the use of backticks in secure and restricted mode.
	47	*/
	48	! if (secure \|\| restricted)
	49	for (i = 0; i < num_pat; ++i)
	50	if (vim_strchr(pat[i], '`') != NULL
	51	&& (check_restricted() \|\| check_secure()))
	52	*** ../vim-6.3.081/src/version.c Tue Jul 19 22:31:54 2005
	53	--- src/version.c Wed Jul 20 11:03:50 2005
	54	***************
	55	* 643,644 **
	56	--- 643,646 ----
	57	{ /* Add new patch number below this line */
	58	+ /**/
	59	+ 82,
	60	/**/
	61
	62	--
	63	No letters of the alphabet were harmed in the creation of this message.
	64
65	/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
66	/// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
67	\\\ Project leader for A-A-P -- http://www.A-A-P.org ///
68	\\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html ///