From 351a16c88f56aeeca5e06095624dd701b264b2a9 Mon Sep 17 00:00:00 2001
From: q1uf3ng <q1uf3ng@protone.me>
Date: Wed, 15 Apr 2026 04:03:02 +0000
Subject: [PATCH] runtime(zip): block absolute paths in zip#Extract
zip#Extract(): add absolute path checks for both Unix and Windows,
matching the existing checks in zip#Write().
closes: #19976
Signed-off-by: q1uf3ng <glna9@protonmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
runtime/autoload/zip.vim | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/runtime/autoload/zip.vim b/runtime/autoload/zip.vim
--- a/runtime/autoload/zip.vim
+++ b/runtime/autoload/zip.vim
@@ -421,6 +421,22 @@ fun! zip#Extract()
let &report= repkeep
return
endif
+ " block absolute paths
+ if has("unix")
+ if fname =~ '^/'
+ redraw!
+ echohl Error | echo "***error*** (zip#Extract) Path Traversal Attack detected, not extracting!" | echohl None
+ let &report= repkeep
+ return
+ endif
+ else
+ if fname =~ '^\%(\a:[\\/]\|[\\/]\)'
+ redraw!
+ echohl Error | echo "***error*** (zip#Extract) Path Traversal Attack detected, not extracting!" | echohl None
+ let &report= repkeep
+ return
+ endif
+ endif
" extract the file mentioned under the cursor
" call Decho("system(".g:zip_extractcmd." ".shellescape(b:zipfile)." ".shellescape(shell).")")
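Review bot: The Unix and Windows branches repeat the same redraw/echo/restore-report/return sequence and differ only in the pattern tested against fname; choosing the pattern with a ternary and keeping one guard would make this check easier to keep in step with the zip#Write() check the commit message cites. The error text says "Path Traversal Attack" although this guard rejects absolute paths specifically — the `let &report= repkeep` / `return` / `endif` context lines at the top of the hunk presumably close an earlier check (likely the `..` one, not visible here), so a more precise wording such as "absolute path in archive entry, not extracting!" would help users and log readers tell the two rejections apart. Note also that the Windows pattern `'^\%(\a:[\\/]\|[\\/]\)'` does not match drive-relative names such as `C:foo` (no separator after the colon), which Windows resolves against that drive's current directory; worth confirming that is intended. The body of zip#Extract continues outside the hunk on both sides, and the extraction command that consumes fname is not shown, so the guard is only effective if that command uses fname unchanged.
```vim
  " block absolute paths (Unix: leading '/'; Windows: drive letter or leading slash/backslash)
  let abspat = has("unix") ? '^/' : '^\%(\a:[\\/]\|[\\/]\)'
  if fname =~ abspat
    redraw!
    echohl Error | echo "***error*** (zip#Extract) Path Traversal Attack detected, not extracting!" | echohl None
    let &report= repkeep
    return
  endif
  " … unchanged: extraction of the file under the cursor …
```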
--
2.49.0