From fee1880ea766ffd564e330014348d709a4234d95 Mon Sep 17 00:00:00 2001
From: Jan Edmund Lazo
Date: Sat, 23 Mar 2019 08:06:35 -0400
Subject: [PATCH] vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command

Problem: Evaluating a modeline might invoke using a shell command. (Paul Huber)
Solution: Set the sandbox flag when setting options from a modeline.
https://github.com/vim/vim/commit/5958f95a40a4a44bd9e7f3b7ec6554a6ef3e42ca
---
 src/nvim/buffer.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/nvim/buffer.c b/src/nvim/buffer.c
index f74c66f106..e9be0b4c42 100644
--- a/src/nvim/buffer.c
+++ b/src/nvim/buffer.c
@@ -4926,7 +4926,12 @@ chk_modeline (
 if (*s != NUL) { /* skip over an empty "::" */
 save_SID = current_SID;
 current_SID = SID_MODELINE;
+ // Make sure no risky things are executed as a side effect.
+ sandbox++;
+
 retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags);
+
+ sandbox--;
 current_SID = save_SID;
 if (retval == FAIL) /* stop if error found */
 break;
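Review bot: The `sandbox++` / `sandbox--` pair only guards work done synchronously inside `do_set()`, and the added comment does not say so. Any option value that the modeline merely stores and that is evaluated later (expression-type options, presumably) is outside this window and has to be protected by whatever per-option "set insecurely" tracking exists elsewhere; that is not visible in this hunk and is worth confirming. I would tighten the comment to `// Sandbox covers only do_set() itself; values stored here and evaluated later must be checked at evaluation time.` The diffstat shows only `src/nvim/buffer.c` changed, so no regression test accompanies the fix; a test asserting that a modeline option needing an unsandboxed context makes `do_set()` return `FAIL` would pin the behaviour. The body of `chk_modeline` starts and ends outside the hunk, so the counter is known to be balanced only on the path shown.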