IntenseFinance/neovim
3
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-02-25 18:55:25 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix(secure): crash when hitting escape in prompt (#21283)

Browse Source 
- use pcall when calling vim.secure.read from C
- catch keyboard interrupts in vim.secure.read, rethrow other errors
- selecting "view" in prompt runs :view command
- simplify lua stack cleanup with lua_gettop and lua_settop

Co-authored-by: ii14 <ii14@users.noreply.github.com>
This commit is contained in:
ii14 2022-12-05 19:59:04 +01:00 committed by GitHub
parent 707df88054
commit f3bf1fbf60
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
runtime/lua/vim/secure.lua
View File

@ -80,34 +80,27 @@ function M.read(path)
end
-- File either does not exist in trust database or the hash does not match
local choice = vim.fn.confirm(
local ok, result = pcall(
vim.fn.confirm,
string.format('%s is not trusted.', fullpath),
'&ignore\n&view\n&deny\n&allow',
1
)
if choice == 0 or choice == 1 then
if not ok and result ~= 'Keyboard interrupt' then
error(result)
elseif not ok or result == 0 or result == 1 then
-- Cancelled or ignored
return nil
elseif choice == 2 then
elseif result == 2 then
-- View
vim.cmd('new')
local buf = vim.api.nvim_get_current_buf()
local lines = vim.split(string.gsub(contents, '\n$', ''), '\n')
vim.api.nvim_buf_set_lines(buf, 0, -1, false, lines)
vim.bo[buf].bufhidden = 'hide'
vim.bo[buf].buftype = 'nofile'
vim.bo[buf].swapfile = false
vim.bo[buf].modeline = false
vim.bo[buf].buflisted = false
vim.bo[buf].readonly = true
vim.bo[buf].modifiable = false
vim.cmd('sview ' .. fullpath)
return nil
elseif choice == 3 then
elseif result == 3 then
-- Deny
trust[fullpath] = '!'
contents = nil
elseif choice == 4 then
elseif result == 4 then
-- Allow
trust[fullpath] = hash
end

19
src/nvim/lua/executor.c
View File

@ -2197,11 +2197,17 @@ plain:
char *nlua_read_secure(const char *path)
{
lua_State *const lstate = global_lstate;
const int top = lua_gettop(lstate);
lua_getglobal(lstate, "vim");
lua_getfield(lstate, -1, "secure");
lua_getfield(lstate, -1, "read");
lua_pushstring(lstate, path);
lua_call(lstate, 1, 1);
if (nlua_pcall(lstate, 1, 1)) {
nlua_error(lstate, _("Error executing vim.secure.read: %.*s"));
lua_settop(lstate, top);
return NULL;
}
size_t len = 0;
const char *contents = lua_tolstring(lstate, -1, &len);
@ -2212,15 +2218,15 @@ char *nlua_read_secure(const char *path)
memcpy(buf, contents, len + 1);
}
// Pop return value, "vim", and "secure"
lua_pop(lstate, 3);
lua_settop(lstate, top);
return buf;
}
bool nlua_trust(const char *action, const char *path)
{
lua_State *const lstate = global_lstate;
const int top = lua_gettop(lstate);
lua_getglobal(lstate, "vim");
lua_getfield(lstate, -1, "secure");
lua_getfield(lstate, -1, "trust");
@ -2241,6 +2247,7 @@ bool nlua_trust(const char *action, const char *path)
if (nlua_pcall(lstate, 1, 2)) {
nlua_error(lstate, _("Error executing vim.secure.trust: %.*s"));
lua_settop(lstate, top);
return false;
}
@ -2260,8 +2267,6 @@ bool nlua_trust(const char *action, const char *path)
}
}
// Pop return values, "vim" and "secure"
lua_pop(lstate, 4);
lua_settop(lstate, top);
return success;
}

4
test/functional/lua/secure_spec.lua
View File

@ -153,7 +153,7 @@ describe('vim.secure', function()
^let g:foobar = 42 |
{1:~ }|
{1:~ }|
{2:]] .. cwd .. pathsep .. [[Xfile [RO]{MATCH:%s+}|
{2:]] .. funcs.fnamemodify(cwd, ':~') .. pathsep .. [[Xfile [RO]{MATCH:%s+}|
|
{1:~ }|
{4:[No Name] }|
@ -166,7 +166,7 @@ describe('vim.secure', function()
-- Cannot write file
pcall_err(command, 'write')
eq(false, curbufmeths.get_option('modifiable'))
eq(true, curbufmeths.get_option('readonly'))
end)
end)