File CVE-2019-12735.patch of Package neovim.10373
From 5e611f32841e746932fbcbea292ca502ed9e694b Mon Sep 17 00:00:00 2001
From: Jan Edmund Lazo <jan.lazo@mail.utoronto.ca>
Date: Thu, 23 May 2019 00:07:48 -0400
Subject: [PATCH] vim-patch:8.1.1365: source command doesn't check for the sandbox
Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
Solution: Check for the sandbox when sourcing a file.
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
---
src/nvim/getchar.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/src/nvim/getchar.c
+++ b/src/nvim/getchar.c
@@ -1238,6 +1238,13 @@ openscript (
EMSG(_(e_nesting));
return;
}
+
+ // Disallow sourcing a file in the sandbox, the commands would be executed
+ // later, possibly outside of the sandbox.
+ if (check_secure()) {
+ return;
+ }
+
if (ignore_script)
/* Not reading from script, also don't open one. Warning message? */
return;
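Review bot: the bare `return;` after `check_secure()` emits no message of its own, so this hunk relies on check_secure() having already reported the sandbox violation before it returns non-zero; if it does not, a sandboxed `:source` fails silently and the user cannot tell why the script was not read. Ordering is also worth a look: the new check sits after the `e_nesting` test, so a sandboxed caller that is also too deeply nested gets a nesting error instead of the security refusal; moving the sandbox check ahead of it would make the refusal unconditional and cheaper. Finally, the summary above shows only src/nvim/getchar.c changed, so no regression test accompanies the fix; a test that runs `:sandbox source` on a temporary script and asserts the command is refused, while `:source` outside the sandbox still works, would keep the check from being lost in a later merge.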