Vim netrw Runtime Shell Injection via sftp/file URLs Fix Analysis

漏洞概述 漏洞名称: 运行时注入漏洞（Runtime Injection） 漏洞类型: 通过sftp和文件URLs进行的shell注入 问题描述: 在运行时，通过sftp和文件URLs进行shell注入，导致潜在的安全风险。 影响范围 受影响文件: - - - - - - 修复方案 解决方案: - 转义临时文件名 - 硬化文件名后缀正则表达式 - 丢弃未使用的 变量 POC代码/利用代码 ```vim " runtime/pack/dist/opt/autodoc/netrw.vim " 2020 Apr 21 by Vim Project Fix shell-injection via tempfile suffix (sftp://, file://) " 2020 Apr 21 by Vim Project drop unused g:netrw_tmpfile_escape " 修复前代码示例 call s:NetrwInit("g:netrw_tmpfile_escape", '\^$') call s:NetrwInit("g:netrw_menu_escape", '\^$') call s:NetrwInit("g:netrw_map_escape", '\^$') " 修复后代码示例 call s:NetrwInit("g:netrw_tmpfile_escape", '\^$') call s:NetrwInit("g:netrw_menu_escape", '\^$') call s:NetrwInit("g:netrw_map_escape", '\^$') " 修复后的文件名后缀处理 let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '')

目標達成すべての支援者に感謝 — 100%達成しました！

Vim netrw Runtime Shell Injection via sftp/file URLs Fix Analysis

このソースからの他の記事

目標達成 すべての支援者に感謝 — 100%達成しました！

Vim netrw Runtime Shell Injection via sftp/file URLs Fix Analysis

このソースからの他の記事

目標達成すべての支援者に感謝 — 100%達成しました！