mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2026-04-02 05:39:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.2.0202: [security]: command injection via newline in glob() (#38385)

Browse Source 
Problem:  The glob() function on Unix-like systems does not escape
          newline characters when expanding wildcards. A maliciously
          crafted string containing '\n' can be used as a command
          separator to execute arbitrary shell commands via
          mch_expand_wildcards(). This depends on the user's 'shell'
          setting.
Solution: Add the newline character ('\n') to the SHELL_SPECIAL
          definition to ensure it is properly escaped before being
          passed to the shell (pyllyukko).

closes: vim/vim#19746

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c

645ed6597d

Co-authored-by: pyllyukko <pyllyukko@maimed.org>
This commit is contained in:
zeertzjq
2026-03-20 08:19:52 +08:00
committed by GitHub
parent a18d51a958
commit f577e05522
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/nvim/os/shell.c
View File

@@ -51,7 +51,7 @@
#define NS_1_SECOND 1000000000U // 1 second, in nanoseconds #define NS_1_SECOND 1000000000U // 1 second, in nanoseconds
#define OUT_DATA_THRESHOLD 1024 * 10U // 10KB, "a few screenfuls" of data. #define OUT_DATA_THRESHOLD 1024 * 10U // 10KB, "a few screenfuls" of data.
#define SHELL_SPECIAL "\t \"&'$;<>()\\|" #define SHELL_SPECIAL "\t \"&'$;<>()\\|\n"
#include "os/shell.c.generated.h" #include "os/shell.c.generated.h"