[SCM] Vim packaging branch, maint/lenny, updated. debian/7.1.314-3+lenny1-2-g2baafea

James Vega jamessan at debian.org
Fri Oct 17 20:13:56 UTC 2008 

The following commit has been merged in the maint/lenny branch:
commit 2af36de57191bab2bb5c31a0c2375d4a74383849
Author: James Vega <jamessan at debian.org>
Date:   Fri Oct 17 10:43:23 2008 -0400

    Remove empty elements from Python's sys.path
    
    Empty elements in sys.path cause modules in Vim's current working
    directory to get loaded.  This can be used to override system libraries,
    potentially running arbitrary code.
    
    Closes: #493937
    
    Signed-off-by: James Vega <jamessan at debian.org>

diff --git a/src/if_python.c b/src/if_python.c
index 09510d5..8de8fb7 100644
--- a/src/if_python.c
+++ b/src/if_python.c
@@ -380,6 +380,7 @@ static int RangeEnd;
 static void PythonIO_Flush(void);
 static int PythonIO_Init(void);
 static int PythonMod_Init(void);
+static void Python_FixPath(void);
 
 /* Utility functions for the vim/python interface
  * ----------------------------------------------
@@ -517,6 +518,11 @@ Python_Init(void)
 	if (PythonMod_Init())
 	    goto fail;
 
+	/* Remove empty elements from sys.path since that causes the PWD to be
+	 * used for imports, possibly masking system libraries and/or running
+	 * arbitrary code. */
+	Python_FixPath();
+
 	/* the first python thread is vim's, release the lock */
 	Python_SaveThread();
 
@@ -2360,6 +2366,28 @@ PythonMod_Init(void)
     return 0;
 }
 
+    static void
+Python_FixPath(void)
+{
+	PyObject *sys = PyImport_ImportModule("sys");
+	PyObject *sysdict = PyModule_GetDict(sys);
+	PyObject *path = PyDict_GetItemString(sysdict, "path");
+	PyObject *newpath = PyList_New(0);
+	if (newpath != NULL) {
+	    Py_INCREF(newpath);
+	    PyInt n = PyList_Size(path);
+	    PyInt i;
+	    for (i = 0; i < n; i++) {
+		PyObject *item = PyList_GetItem(path, i);
+		if (strlen(PyString_AsString(item)) != 0) {
+		    PyList_Append(newpath, PyList_GetItem(path, i));
+		}
+	    }
+	    PyDict_SetItemString(sysdict, "path", newpath);
+	    Py_DECREF(newpath);
+	}
+}
+
 /*************************************************************************
  * 4. Utility functions for handling the interface between Vim and Python.
  */

-- 
Vim packaging

More information about the pkg-vim-maintainers mailing list