diff options
author | Bram Moolenaar <Bram@vim.org> | 2016-04-22 20:46:52 +0200 |
---|---|---|
committer | Bram Moolenaar <Bram@vim.org> | 2016-04-22 20:46:52 +0200 |
commit | 3849992b16011e36a5cb5be4b127f843389b96fd (patch) | |
tree | 5978f94b4bcdc1433aa1421aac3562f92ec8b579 | |
parent | a1c487eef71d1673e57511453009de9cb4c9af51 (diff) | |
download | vim-git-3849992b16011e36a5cb5be4b127f843389b96fd.tar.gz |
patch 7.4.1777v7.4.1777
Problem: Newly added features can escape the sandbox.
Solution: Add checks for restricted and secure. (Yasuhiro Matsumoto)
-rw-r--r-- | src/eval.c | 8 | ||||
-rw-r--r-- | src/version.c | 2 |
2 files changed, 8 insertions, 2 deletions
diff --git a/src/eval.c b/src/eval.c index e7712916e..146348dd8 100644 --- a/src/eval.c +++ b/src/eval.c @@ -10408,6 +10408,8 @@ f_ch_logfile(typval_T *argvars, typval_T *rettv UNUSED) f_ch_open(typval_T *argvars, typval_T *rettv) { rettv->v_type = VAR_CHANNEL; + if (check_restricted() || check_secure()) + return; rettv->vval.v_channel = channel_open_func(argvars); } @@ -15078,6 +15080,8 @@ f_job_setoptions(typval_T *argvars, typval_T *rettv UNUSED) f_job_start(typval_T *argvars, typval_T *rettv) { rettv->v_type = VAR_JOB; + if (check_restricted() || check_secure()) + return; rettv->vval.v_job = job_start(argvars); } @@ -16821,8 +16825,6 @@ check_connection(void) #endif #ifdef FEAT_CLIENTSERVER -static void remote_common(typval_T *argvars, typval_T *rettv, int expr); - static void remote_common(typval_T *argvars, typval_T *rettv, int expr) { @@ -20683,6 +20685,8 @@ f_timer_start(typval_T *argvars, typval_T *rettv) char_u *callback; dict_T *dict; + if (check_secure()) + return; if (argvars[2].v_type != VAR_UNKNOWN) { if (argvars[2].v_type != VAR_DICT diff --git a/src/version.c b/src/version.c index 1c35576b0..34b5f4c0c 100644 --- a/src/version.c +++ b/src/version.c @@ -754,6 +754,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1777, +/**/ 1776, /**/ 1775, |