aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-11-15 23:14:06 -05:00
Code Activity

patch 9.1.1551: [security]: path traversal issue in zip.vim

Browse Source 
Problem:  [security]: path traversal issue in zip.vim (@ax)
Solution: drop leading ../ on write of zipfiles, don't forcefully
          overwrite existing files

A zip plugin which contains filenames with leading '../'  may cause
confusion as to where the content will be extracted.  Let's drop such
things and make sure we use a relative filename instead and don't
forcefully overwrite temporary files. Also, warn the user of such
things.

related: #17733

Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Christian Brabandt
2025-07-15 21:43:01 +02:00
parent 3f9d2378bd
commit 586294a041
7 changed files with 185 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/version.c
View File

@@ -719,6 +719,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
1551,
/**/
1550,
/**/