vim-patch:7.4.1777

Problem:    Newly added features can escape the sandbox.
Solution:   Add checks for restricted and secure. (Yasuhiro Matsumoto)
3849992b16

timer_start is missing check_secure.

The timer callback can, for example, call a function defined from outside the sandbox that does
stuff that would be disallowed from inside the sandbox. This is usually not allowed.

Cherry-pick eval.txt change from:
68e6560b84

Required for v8.1.2013.
Sean Dewar
2021-11-01 16:21:16 +00:00
parent 39776d1a65
commit 38a831e54a
3 changed files with 15 additions and 0 deletions

@@ -11551,6 +11551,9 @@ static void f_timer_start(typval_T *argvars, typval_T *rettv, FunPtr fptr)
dict_T *dict;
rettv->vval.v_number = -1;
if (check_secure()) {
return;
}
if (argvars[2].v_type != VAR_UNKNOWN) {
if (argvars[2].v_type != VAR_DICT
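
Review bot: the `check_secure()` guard in f_timer_start has no comment saying why timers are refused in the sandbox; the reason (the callback fires later and can call a function defined outside the sandbox) lives only in the commit message. A one-line comment above `if (check_secure()) {` would keep that rationale next to the code for anyone who later considers moving or removing the check. Keeping the guard after `rettv->vval.v_number = -1;` is the right order, since a sandboxed caller then sees the failure value before the early return. If the other changed files do not already add one, a regression test that calls timer_start() under :sandbox and expects -1 would pin this behaviour down.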