71 lines
2.5 KiB
Diff
71 lines
2.5 KiB
Diff
diff -up vim91/runtime/autoload/zip.vim.zip-cve vim91/runtime/autoload/zip.vim
|
|
--- vim91/runtime/autoload/zip.vim.zip-cve 2024-02-09 06:33:54.000000000 +0100
|
|
+++ vim91/runtime/autoload/zip.vim 2025-09-10 17:25:19.916119963 +0200
|
|
@@ -266,6 +266,7 @@ fun! zip#Write(fname)
|
|
" call Dfunc("zip#Write(fname<".a:fname.">) zipfile_".winnr()."<".s:zipfile_{winnr()}.">")
|
|
let repkeep= &report
|
|
set report=10
|
|
+ let need_rename = 0
|
|
|
|
" sanity checks
|
|
if !executable(substitute(g:zip_zipcmd,'\s\+.*$','',''))
|
|
@@ -276,14 +277,6 @@ fun! zip#Write(fname)
|
|
" call Dret("zip#Write")
|
|
return
|
|
endif
|
|
- if !exists("*mkdir")
|
|
- redraw!
|
|
- echohl Error | echo "***error*** (zip#Write) sorry, mkdir() doesn't work on your system" | echohl None
|
|
-" call inputsave()|call input("Press <cr> to continue")|call inputrestore()
|
|
- let &report= repkeep
|
|
-" call Dret("zip#Write")
|
|
- return
|
|
- endif
|
|
|
|
let curdir= getcwd()
|
|
let tmpdir= tempname()
|
|
@@ -317,6 +310,11 @@ fun! zip#Write(fname)
|
|
let zipfile = substitute(a:fname,'^.\{-}zipfile://\(.\{-}\)::[^\\].*$','\1','')
|
|
let fname = substitute(a:fname,'^.\{-}zipfile://.\{-}::\([^\\].*\)$','\1','')
|
|
endif
|
|
+ if fname =~ '^[.]\{1,2}/'
|
|
+ call system(g:zip_zipcmd." -d ".s:Escape(fnamemodify(zipfile,":p"),0)." ".s:Escape(fname,0))
|
|
+ let fname = fname->substitute('^\([.]\{1,2}/\)\+', '', 'g')
|
|
+ let need_rename = 1
|
|
+ endif
|
|
" call Decho("zipfile<".zipfile.">")
|
|
" call Decho("fname <".fname.">")
|
|
|
|
@@ -333,7 +331,7 @@ fun! zip#Write(fname)
|
|
endif
|
|
" call Decho("zipfile<".zipfile."> fname<".fname.">")
|
|
|
|
- exe "w! ".fnameescape(fname)
|
|
+ exe "w ".fnameescape(fname)
|
|
if has("win32unix") && executable("cygpath")
|
|
let zipfile = substitute(system("cygpath ".s:Escape(zipfile,0)),'\n','','e')
|
|
endif
|
|
@@ -363,6 +361,10 @@ fun! zip#Write(fname)
|
|
let &binary = binkeep
|
|
q!
|
|
unlet s:zipfile_{winnr()}
|
|
+ elseif need_rename
|
|
+ exe $"sil keepalt file {fnameescape($"zipfile://{zipfile}::{fname}")}"
|
|
+ redraw!
|
|
+ echohl Error | echo "***error*** (zip#Browse) Path Traversal Attack detected, dropping relative path" | echohl None
|
|
endif
|
|
|
|
" cleanup and restore current directory
|
|
@@ -398,6 +400,11 @@ fun! zip#Extract()
|
|
let &report= repkeep
|
|
" call Dret("zip#Extract")
|
|
return
|
|
+ elseif fname =~ '^[.]\?[.]/'
|
|
+ redraw!
|
|
+ echohl Error | echo "***error*** (zip#Browse) Path Traversal Attack detected, not extracting!" | echohl None
|
|
+ let &report= repkeep
|
|
+ return
|
|
endif
|
|
|
|
" extract the file mentioned under the cursor
|