patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline

Problem:  'tabpanel' can be set in a modeline
Solution: Set the P_MLE flag for the 'tabpanel' option, disable
          autocmd_add()/autocmd_delete() functions in restricted/secure
          mode.

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh

Signed-off-by: Christian Brabandt <cb@256bit.org>
Christian Brabandt
2026-03-30 08:20:43 +00:00
parent 3c0f8000e1
commit 664701eb75
5 changed files with 26 additions and 1 deletions
+3
@@ -3061,6 +3061,9 @@ autocmd_add_or_delete(typval_T *argvars, typval_T *rettv, int delete)
rettv->v_type = VAR_BOOL;
rettv->vval.v_number = VVAL_FALSE;
if (check_restricted() || check_secure())
return;
if (check_for_list_arg(argvars, 0) == FAIL)
return;
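Review bot: The new `if (check_restricted() || check_secure())` guard in autocmd_add_or_delete() carries no comment, and the reason for blocking these two functions is not obvious at the call site. I would add a line above it such as `// Not allowed in restricted mode or the sandbox: an autocommand defined here would run later, outside the sandbox.` The early return leaves rettv at the VVAL_FALSE set just above, so a caller gets a failure value along with the error message. None of the sections on this page touches a help file, so it is worth confirming that the documentation for autocmd_add() and autocmd_delete() mentions the restriction. The function body continues outside the hunk.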
+1 -1
@@ -2578,7 +2578,7 @@ static struct vimoption options[] =
(char_u *)&p_tpm, PV_NONE, NULL, NULL,
{(char_u *)10L, (char_u *)0L} SCTX_INIT},
#if defined(FEAT_TABPANEL)
{"tabpanel", "tpl", P_STRING|P_VI_DEF|P_RALL,
{"tabpanel", "tpl", P_STRING|P_VI_DEF|P_RALL|P_MLE,
(char_u *)&p_tpl, PV_NONE, NULL, NULL,
{(char_u *)"", (char_u *)0L} SCTX_INIT},
{"tabpanelopt","tplo", P_STRING|P_ALLOCED|P_VI_DEF|P_ONECOMMA|P_COLON
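Review bot: P_MLE on the 'tabpanel' entry only rejects the modeline while 'modelineexpr' is off; with that option enabled a file can still supply the value, and safety then rests on the value being treated as insecurely set and evaluated in the sandbox. That evaluation path is not visible in this hunk, so please confirm the tabpanel drawing code checks was_set_insecurely() the way other expression-bearing options do. Because this was a missed flag on a newly added option, a test that walks the options accepting `%{}` items and asserts each one fails with E992 from a modeline would catch the next omission. The options table starts and ends outside the hunk.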
+5
@@ -5962,4 +5962,9 @@ func Test_SwapExists_b_nwindows()
%bw!
endfunc
func Test_autocmd_add_secure()
call assert_fails('sandbox call autocmd_add([{"event": "BufRead", "cmd": "let x = 1"}])', 'E48:')
call assert_fails('sandbox call autocmd_delete([{"event": "BufRead"}])', 'E48:')
endfunc
" vim: shiftwidth=2 sts=2 expandtab
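Review bot: Test_autocmd_add_secure() exercises only the sandbox branch (E48) of the new guard; the check_restricted() branch, which would apply when Vim is started in restricted mode, is not covered by anything in this section. The test also asserts just the error number and never checks that no autocommand was registered, so a regression that reports E48 after adding the entry would pass. Comparing `autocmd_get({'event': 'BufRead'})` before and after the two calls, e.g. `call assert_equal(before, autocmd_get({'event': 'BufRead'}))`, would pin the state as well as the message.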
+15
@@ -872,4 +872,19 @@ function Test_tabpanel_showtabpanel_via_cmd_arg()
set showtabpanel& noruler&
endfunc
func Test_tabpanel_no_modeline()
let _tpl = &tabpanel
let _mls = &modelineexpr
set nomodelineexpr
setlocal modeline
new
call writefile(['/* vim: set tabpanel=test: */'], 'Xtabpanel.txt', 'D')
call assert_fails(':e Xtabpanel.txt', 'E992:')
let &tabpanel = _tpl
let &modelineexpr = _mls
bw!
endfunc
" vim: shiftwidth=2 sts=2 expandtab
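Review bot: In Test_tabpanel_no_modeline() the `setlocal modeline` runs before `new`, so it sets the local value of the buffer being left, and it is never restored. As far as I can tell the buffer that later reads Xtabpanel.txt takes the global 'modeline' value, which means the test passes only if the global value is already on. Using `set modeline` before `new` and `set modeline&` in the cleanup would make the test independent of the environment. If the modeline were silently skipped, assert_fails() would report a failure rather than pass, so this is a robustness point and not a false-pass risk.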
+2
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
272,
/**/
271,
/**/