patch 9.2.0299: runtime(zip): may write using absolute paths

Problem: runtime(zip): may write using absolute paths (syndicate) Solution: Detect this case and abort on Unix, warn in the documentation about possible issues Signed-off-by: Christian Brabandt <cb@256bit.org>
2026-06-11 15:37:29 +02:00 · 2026-04-05 15:58:00 +00:00
parent 5943c57173
commit 46f530e517
5 changed files with 34 additions and 1 deletions
@@ -296,3 +296,22 @@ def g:Test_zip_fname_evil_path2()
  assert_match('zipfile://.*::.*tmp/foobar', @%)
  bw!
 enddef
+
+def g:Test_zip_fname_evil_path3()
+  CheckNotMSWindows
+  # needed for writing the zip file
+  CheckExecutable zip
+
+  CopyZipFile("evil.zip")
+  defer delete("X.zip")
+  e X.zip
+
+  :1
+  var fname = 'payload.txt'
+  search('\V' .. fname)
+  exe "normal \<cr>"
+  :w!
+  var mess  = execute(':mess')
+  assert_match('Path Traversal Attack', mess)
+  bw!
+enddef
@@ -734,6 +734,8 @@ static char *(features[]) =

 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    299,
 /**/
    298,
 /**/