patch 8.1.0538: evaluating a modeline might invoke using a shell command v8.1.0538
authorBram Moolenaar <Bram@vim.org>
Tue, 20 Nov 2018 03:25:21 +0000 (04:25 +0100)
committerBram Moolenaar <Bram@vim.org>
Tue, 20 Nov 2018 03:25:21 +0000 (04:25 +0100)
Problem:    Evaluating a modeline might invoke using a shell command. (Paul
            Huber)
Solution:   Set the sandbox flag when setting options from a modeline.

src/buffer.c
src/version.c

index 8e892dadf87878c41456f223cac003019b5fa690..ee962b2e8f47f226cb042d2a5723e3e4e6903cc3 100644 (file)
@@ -5522,7 +5522,12 @@ chk_modeline(
                current_sctx.sc_seq = 0;
                current_sctx.sc_lnum = 0;
 #endif
+               // Make sure no risky things are executed as a side effect.
+               ++sandbox;
+
                retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags);
+
+               --sandbox;
 #ifdef FEAT_EVAL
                current_sctx = save_current_sctx;
 #endif
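Review bot: The comment added above `++sandbox;` does not say what the "risky things" are or that the sandbox covers only work done inside this one `do_set()` call. Going by the commit message, the concern is a modeline option whose evaluation ends up running a shell command, so a comment such as `// Modeline text is untrusted: set its options in the sandbox so that evaluating them cannot run a shell command.` would tell the next reader why the increment/decrement pair is there. Because `sandbox` is used as a counter, `--sandbox;` has to be reached on every path out of `do_set()`; nothing in the hunk suggests otherwise, but it is worth confirming. Option values stored here and evaluated later are not covered by this increment and presumably rely on a separate insecure-option marking that the hunk does not show. The file list names only src/buffer.c and src/version.c, so the commit appears to carry no regression test for a modeline that tries to trigger command execution; chk_modeline's body starts and ends outside the hunk.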
index 29488c2a77826ec93be5343274f0197e218b2520..856941742ebc56c8e8f1dbd1696ad0c48e3800c7 100644 (file)
@@ -792,6 +792,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    538,
 /**/
     537,
 /**/