IntenseFinance/neovim
3
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-02-25 18:55:25 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix(secure): crash when hitting escape in prompt (#21283)

Browse Source 
- use pcall when calling vim.secure.read from C
- catch keyboard interrupts in vim.secure.read, rethrow other errors
- selecting "view" in prompt runs :view command
- simplify lua stack cleanup with lua_gettop and lua_settop

Co-authored-by: ii14 <ii14@users.noreply.github.com>
This commit is contained in:
ii14 2022-12-05 19:59:04 +01:00 committed by GitHub
parent 707df88054
commit f3bf1fbf60
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
runtime/lua/vim/secure.lua
View File

@ -80,34 +80,27 @@ function M.read(path)
end end
-- File either does not exist in trust database or the hash does not match -- File either does not exist in trust database or the hash does not match
local choice = vim.fn.confirm( local ok, result = pcall(
vim.fn.confirm,
string.format('%s is not trusted.', fullpath), string.format('%s is not trusted.', fullpath),
'&ignore\n&view\n&deny\n&allow', '&ignore\n&view\n&deny\n&allow',
1 1
) )
if choice == 0 or choice == 1 then if not ok and result ~= 'Keyboard interrupt' then
error(result)
elseif not ok or result == 0 or result == 1 then
-- Cancelled or ignored -- Cancelled or ignored
return nil return nil
elseif choice == 2 then elseif result == 2 then
-- View -- View
vim.cmd('new') vim.cmd('sview ' .. fullpath)
local buf = vim.api.nvim_get_current_buf()
local lines = vim.split(string.gsub(contents, '\n$', ''), '\n')
vim.api.nvim_buf_set_lines(buf, 0, -1, false, lines)
vim.bo[buf].bufhidden = 'hide'
vim.bo[buf].buftype = 'nofile'
vim.bo[buf].swapfile = false
vim.bo[buf].modeline = false
vim.bo[buf].buflisted = false
vim.bo[buf].readonly = true
vim.bo[buf].modifiable = false
return nil return nil
elseif choice == 3 then elseif result == 3 then
-- Deny -- Deny
trust[fullpath] = '!' trust[fullpath] = '!'
contents = nil contents = nil
elseif choice == 4 then elseif result == 4 then
-- Allow -- Allow
trust[fullpath] = hash trust[fullpath] = hash
end end

19
src/nvim/lua/executor.c
View File

@ -2197,11 +2197,17 @@ plain:
char *nlua_read_secure(const char *path) char *nlua_read_secure(const char *path)
{ {
lua_State *const lstate = global_lstate; lua_State *const lstate = global_lstate;
const int top = lua_gettop(lstate);
lua_getglobal(lstate, "vim"); lua_getglobal(lstate, "vim");
lua_getfield(lstate, -1, "secure"); lua_getfield(lstate, -1, "secure");
lua_getfield(lstate, -1, "read"); lua_getfield(lstate, -1, "read");
lua_pushstring(lstate, path); lua_pushstring(lstate, path);
lua_call(lstate, 1, 1); if (nlua_pcall(lstate, 1, 1)) {
nlua_error(lstate, _("Error executing vim.secure.read: %.*s"));
lua_settop(lstate, top);
return NULL;
}
size_t len = 0; size_t len = 0;
const char *contents = lua_tolstring(lstate, -1, &len); const char *contents = lua_tolstring(lstate, -1, &len);
@ -2212,15 +2218,15 @@ char *nlua_read_secure(const char *path)
memcpy(buf, contents, len + 1); memcpy(buf, contents, len + 1);
} }
// Pop return value, "vim", and "secure" lua_settop(lstate, top);
lua_pop(lstate, 3);
return buf; return buf;
} }
bool nlua_trust(const char *action, const char *path) bool nlua_trust(const char *action, const char *path)
{ {
lua_State *const lstate = global_lstate; lua_State *const lstate = global_lstate;
const int top = lua_gettop(lstate);
lua_getglobal(lstate, "vim"); lua_getglobal(lstate, "vim");
lua_getfield(lstate, -1, "secure"); lua_getfield(lstate, -1, "secure");
lua_getfield(lstate, -1, "trust"); lua_getfield(lstate, -1, "trust");
@ -2241,6 +2247,7 @@ bool nlua_trust(const char *action, const char *path)
if (nlua_pcall(lstate, 1, 2)) { if (nlua_pcall(lstate, 1, 2)) {
nlua_error(lstate, _("Error executing vim.secure.trust: %.*s")); nlua_error(lstate, _("Error executing vim.secure.trust: %.*s"));
lua_settop(lstate, top);
return false; return false;
} }
@ -2260,8 +2267,6 @@ bool nlua_trust(const char *action, const char *path)
} }
} }
// Pop return values, "vim" and "secure" lua_settop(lstate, top);
lua_pop(lstate, 4);
return success; return success;
} }

6
test/functional/lua/secure_spec.lua
View File

@ -150,10 +150,10 @@ describe('vim.secure', function()
]]} ]]}
feed('v') feed('v')
screen:expect{grid=[[ screen:expect{grid=[[
^ let g:foobar = 42 | ^let g:foobar = 42 |
{1:~ }| {1:~ }|
{1:~ }| {1:~ }|
{2:]] .. cwd .. pathsep .. [[Xfile [RO]{MATCH:%s+}| {2:]] .. funcs.fnamemodify(cwd, ':~') .. pathsep .. [[Xfile [RO]{MATCH:%s+}|
| |
{1:~ }| {1:~ }|
{4:[No Name] }| {4:[No Name] }|
@ -166,7 +166,7 @@ describe('vim.secure', function()
-- Cannot write file -- Cannot write file
pcall_err(command, 'write') pcall_err(command, 'write')
eq(false, curbufmeths.get_option('modifiable')) eq(true, curbufmeths.get_option('readonly'))
end) end)
end) end)