From: Bram Moolenaar Date: Fri, 22 Apr 2016 18:46:52 +0000 (+0200) Subject: patch 7.4.1777 X-Git-Tag: v7.4.1777 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3849992b16011e36a5cb5be4b127f843389b96fd;p=thirdparty%2Fvim.git patch 7.4.1777 Problem: Newly added features can escape the sandbox. Solution: Add checks for restricted and secure. (Yasuhiro Matsumoto) --- diff --git a/src/eval.c b/src/eval.c index e7712916e8..146348dd80 100644 --- a/src/eval.c +++ b/src/eval.c @@ -10408,6 +10408,8 @@ f_ch_logfile(typval_T *argvars, typval_T *rettv UNUSED) f_ch_open(typval_T *argvars, typval_T *rettv) { rettv->v_type = VAR_CHANNEL; + if (check_restricted() || check_secure()) + return; rettv->vval.v_channel = channel_open_func(argvars); } @@ -15078,6 +15080,8 @@ f_job_setoptions(typval_T *argvars, typval_T *rettv UNUSED) f_job_start(typval_T *argvars, typval_T *rettv) { rettv->v_type = VAR_JOB; + if (check_restricted() || check_secure()) + return; rettv->vval.v_job = job_start(argvars); } @@ -16821,8 +16825,6 @@ check_connection(void) #endif #ifdef FEAT_CLIENTSERVER -static void remote_common(typval_T *argvars, typval_T *rettv, int expr); - static void remote_common(typval_T *argvars, typval_T *rettv, int expr) { @@ -20683,6 +20685,8 @@ f_timer_start(typval_T *argvars, typval_T *rettv) char_u *callback; dict_T *dict; + if (check_secure()) + return; if (argvars[2].v_type != VAR_UNKNOWN) { if (argvars[2].v_type != VAR_DICT diff --git a/src/version.c b/src/version.c index 1c35576b09..34b5f4c0c7 100644 --- a/src/version.c +++ b/src/version.c @@ -753,6 +753,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 1777, /**/ 1776, /**/