vim-patch:9.1.1198: [security]: potential data loss with zip.vim (#32867)

Problem: [security]: potential data loss with zip.vim and special crafted zip files (RyotaK) Solution: use glob '[-]' to protect filenames starting with '-' Github Advisory: https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf f209dcd3de Co-authored-by: Christian Brabandt <cb@256bit.org>
2025-12-16 03:15:39 +00:00 · 2025-03-13 08:47:02 +08:00
parent 90d1260cb8
commit b25527d20d
3 changed files with 29 additions and 0 deletions
--- a/test/old/testdir/test_plugin_zip.vim
+++ b/test/old/testdir/test_plugin_zip.vim
@@ -235,3 +235,26 @@ func Test_zip_glob_fname()

  bw
 endfunc
+
+func Test_zip_fname_leading_hyphen()
+  CheckNotMSWindows
+
+  "## copy sample zip file
+  if !filecopy("samples/poc.zip", "X.zip")
+    call assert_report("Can't copy samples/poc.zip")
+    return
+  endif
+  defer delete("X.zip")
+  defer delete('-d', 'rf')
+  defer delete('/tmp/pwned', 'rf')
+
+  e X.zip
+
+  :1
+  let fname = '-d/tmp'
+  call search('\V' .. fname)
+  normal x
+  call assert_true(filereadable('-d/tmp'))
+  call assert_false(filereadable('/tmp/pwned'))
+  bw
+endfunc