patch 9.1.1198: [security]: potential data loss with zip.vim
Problem: [security]: potential data loss with zip.vim and specially
crafted zip files (RyotaK)
Solution: use glob '[-]' to protect filenames starting with '-'
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/testdir/test_plugin_zip.vim b/src/testdir/test_plugin_zip.vim
index e831f26..2050b4c 100644
--- a/src/testdir/test_plugin_zip.vim
+++ b/src/testdir/test_plugin_zip.vim
@@ -235,3 +235,26 @@
bw
enddef
+
+def Test_zip_fname_leading_hyphen()
+ CheckNotMSWindows
+
+ ### copy sample zip file
+ if !filecopy("samples/poc.zip", "X.zip")
+ assert_report("Can't copy samples/poc.zip")
+ return
+ endif
+ defer delete("X.zip")
+ defer delete('-d', 'rf')
+ defer delete('/tmp/pwned', 'rf')
+
+ e X.zip
+
+ :1
+ var fname = '-d/tmp'
+ search('\V' .. fname)
+ normal x
+ assert_true(filereadable('-d/tmp'))
+ assert_false(filereadable('/tmp/pwned'))
+ bw
+enddef