Vim netrw 运行时 Shell 注入漏洞修复分析

漏洞概述 漏洞名称: 运行时注入漏洞（Runtime Injection） 漏洞类型: 通过sftp和文件URLs进行的shell注入 问题描述: 在运行时，通过sftp和文件URLs进行shell注入，导致潜在的安全风险。 影响范围 受影响文件: - - - - - - 修复方案 解决方案: - 转义临时文件名 - 硬化文件名后缀正则表达式 - 丢弃未使用的 变量 POC代码/利用代码 ```vim " runtime/pack/dist/opt/autodoc/netrw.vim " 2020 Apr 21 by Vim Project Fix shell-injection via tempfile suffix (sftp://, file://) " 2020 Apr 21 by Vim Project drop unused g:netrw_tmpfile_escape " 修复前代码示例 call s:NetrwInit("g:netrw_tmpfile_escape", '\^$') call s:NetrwInit("g:netrw_menu_escape", '\^$') call s:NetrwInit("g:netrw_map_escape", '\^$') " 修复后代码示例 call s:NetrwInit("g:netrw_tmpfile_escape", '\^$') call s:NetrwInit("g:netrw_menu_escape", '\^$') call s:NetrwInit("g:netrw_map_escape", '\^$') " 修复后的文件名后缀处理 let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '') let suffix = substitute(a:fname, '^$.$\.[^./\\]$', '\1', '')

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

Vim netrw 运行时 Shell 注入漏洞修复分析

同源更多文章

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

Vim netrw 运行时 Shell 注入漏洞修复分析

同源更多文章

目标达成感谢每一位支持者 — 我们达成了 100% 目标！