averello/macvim-mirror
1
0
Fork 0
mirror of https://github.com/macvim-dev/macvim.git synced 2026-06-11 15:37:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

runtime(zip): also block single leading slash and absolute paths in Extract

Browse Source 
zip#Write(): the Windows path check did not match a single leading
slash (/path), which resolves to the current drive root on Windows.
Simplify the regex to match any leading slash or backslash.

zip#Extract(): add absolute path checks for both Unix and Windows,
matching the existing checks in zip#Write().

closes: #19976

Signed-off-by: q1uf3ng <glna9@protonmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
q1uf3ng
2026-04-15 04:03:02 +00:00
committed by Christian Brabandt
parent 4c28794716
commit 351a16c88f
1 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
runtime/autoload/zip.vim
+15 -2
View File
@@ -23,6 +23,7 @@
" 2026 Apr 01 by Vim Project: Detect more path traversal attacks
" 2026 Apr 05 by Vim Project: Detect more path traversal attacks
" 2026 Apr 14 by Vim Project: Detect more path traversal attacks on Windows
" 2026 Apr 15 by Vim Project: Detect more path traversal attacks on Windows
" License: Vim License (see vim's :help license)
" Copyright: Copyright (C) 2005-2019 Charles E. Campbell {{{1
" Permission is hereby granted to use and distribute this code,
@@ -406,8 +407,8 @@ fun! zip#Write(fname)
else
let zipfile = substitute(a:fname,'^.\{-}zipfile://\(.\{-}\)::[^\\].*$','\1','')
let fname = substitute(a:fname,'^.\{-}zipfile://.\{-}::\([^\\].*\)$','\1','')
" fname should not start with drive leter or a UNC path
if fname =~ '^\%(\%(\a:[\\/]\)\|[\\/]\{2}\)'
" fname should not start with drive letter, UNC path, or leading slash
if fname =~ '^\%(\a:[\\/]\|[\\/]\)'
call s:Mess('Error', "***error*** (zip#Write) Path Traversal Attack detected, not writing!")
call s:ChgDir(curdir,s:WARNING,"(zip#Write) unable to return to ".curdir."!")
return
@@ -505,6 +506,18 @@ fun! zip#Extract()
call s:Mess('Error', "***error*** (zip#Browse) Path Traversal Attack detected, not extracting!")
return
endif
" block absolute paths
if has("unix")
if fname =~ '^/'
call s:Mess('Error', "***error*** (zip#Extract) Path Traversal Attack detected, not extracting!")
return
endif
else
if fname =~ '^\%(\a:[\\/]\|[\\/]\)'
call s:Mess('Error', "***error*** (zip#Extract) Path Traversal Attack detected, not extracting!")
return
endif
endif
if filereadable(fname)
call s:Mess('Error', "***error*** (zip#Extract) <" .. fname .."> already exists in directory, not overwriting!")
return