Commit: patch 9.1.2135: tests: tar plugin does not consider 'nowrapscan'


Christian Brabandt

Feb 6, 2026, 5:16:34 AM
to vim...@googlegroups.com
patch 9.1.2135: tests: tar plugin does not consider 'nowrapscan'

Commit: https://github.com/vim/vim/commit/18d844e365c21043d187f142bc88e75e9966822f
Author: Kevin Goodsell <kevin-op...@omegacrash.net>
Date: Fri Feb 6 10:00:13 2026 +0000

patch 9.1.2135: tests: tar plugin does not consider 'nowrapscan'

Problem: search() is used to check for the message from tar that
indicates leading slashes found in the tar archive, or to
check for the leading slashes themselves. However, if
'nowrapscan' is in effect these searches are limited to the
last line and don't find any results. This causes the warning
message from tar to be seen in the buffer, the "Path Traversal
Attack Detected" message to be omitted, and editing actions
can fail. This can be seen, for example, when editing
src/testdir/samples/evil.tar.
Solution: Use the 'w' flag for search() (Kevin Goodsell)

closes: #19333

Signed-off-by: Kevin Goodsell <kevin-op...@omegacrash.net>
Signed-off-by: Christian Brabandt <c...@256bit.org>

diff --git a/runtime/autoload/tar.vim b/runtime/autoload/tar.vim
index 74a5b38f7..944a2ed10 100644
--- a/runtime/autoload/tar.vim
+++ b/runtime/autoload/tar.vim
@@ -18,6 +18,7 @@
" 2025 May 19 by Vim Project: restore working directory after read/write
" 2025 Jul 13 by Vim Project: warn with path traversal attacks
" 2025 Jul 16 by Vim Project: update minimum vim version
+" 2026 Feb 06 by Vim Project: consider 'nowrapscan' (#19333)
"
" Contains many ideas from Michael Toren's <tar.vim>
"
@@ -226,7 +227,7 @@ fun! tar#Browse(tarfile)

" remove tar: Removing leading '/' from member names
" Note: the message could be localized
- if search('^tar: ') > 0 || search(g:tar_leading_pat) > 0
+ if search('^tar: ', 'w') > 0 || search(g:tar_leading_pat, 'w') > 0
call append(3,'" Note: Path Traversal Attack detected!')
let b:leading_slash = 1
" remove the message output
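Review bot: on the changed `if` line, both search() calls now pass `'w'`, which removes the dependence on 'wrapscan', but each call still starts at the cursor and moves it to the match as a side effect. If the removal code that follows does not rely on that cursor position, add the `'n'` flag as well (`search('^tar: ', 'wn')`); if it does, say so in the comment above the line. Since this check gates the "Path Traversal Attack detected!" note, it is also worth a comment that `'^tar: '` matches any diagnostic line from tar, not only the leading-slash message.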
diff --git a/runtime/doc/version9.txt b/runtime/doc/version9.txt
index 73083398b..05d4da2be 100644
--- a/runtime/doc/version9.txt
+++ b/runtime/doc/version9.txt
@@ -52490,4 +52490,16 @@ Patch 9.1.2134
Problem: Terminal doesn't handle split UTF-8 sequence after ASCII.
Solution: Only use one UTF-8 encoding state per vterm state (zeertzjq).

+Patch 9.1.2135
+Problem: search() is used to check for the message from tar that
+ indicates leading slashes found in the tar archive, or to
+ check for the leading slashes themselves. However, if
+ 'nowrapscan' is in effect these searches are limited to the
+ last line and don't find any results. This causes the warning
+ message from tar to be seen in the buffer, the "Path Traversal
+ Attack Detected" message to be omitted, and editing actions
+ can fail. This can be seen, for example, when editing
+ src/testdir/samples/evil.tar.
+Solution: Use the 'w' flag for search() (Kevin Goodsell)
+
vim:tw=78:ts=8:noet:ft=help:norl:fdm=manual:nofoldenable
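Review bot: the Problem text quotes the warning as "Path Traversal Attack Detected", while the plugin line in this same patch appends `" Note: Path Traversal Attack detected!` and the new test matches `Path Traversal Attack detected`. Quote the message with the plugin's capitalization so the help entry can be found by searching for the actual string.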
diff --git a/src/testdir/test_plugin_tar.vim b/src/testdir/test_plugin_tar.vim
index ebf74d7da..8d34ce11a 100644
--- a/src/testdir/test_plugin_tar.vim
+++ b/src/testdir/test_plugin_tar.vim
@@ -126,3 +126,24 @@ def g:Test_tar_evil()

bw!
enddef
+
+def g:Test_tar_path_traversal_with_nowrapscan()
+ CopyFile("evil.tar")
+ defer delete("X.tar")
+ # Make sure we still find the tar warning (or leading slashes) even when
+ # wrapscan is off
+ set nowrapscan
+ e X.tar
+
+ ### Check header
+ assert_match('^" tar\.vim version v\d\+', getline(1))
+ assert_match('^" Browsing tarfile .*/X.tar', getline(2))
+ assert_match('^" Select a file with cursor and press ENTER, "x" to extract a file', getline(3))
+ assert_match('^" Note: Path Traversal Attack detected', getline(4))
+ assert_match('^$', getline(5))
+ assert_match('/etc/ax-pwn', getline(6))
+
+ assert_equal(1, b:leading_slash)
+
+ bw!
+enddef
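Review bot: `set nowrapscan` in Test_tar_path_traversal_with_nowrapscan() is never undone, so the option stays off for whatever runs after this function in the same Vim instance. Restore it before the final `bw!`, for example with `set wrapscan&`, or register the reset next to the existing `defer delete("X.tar")` so it also runs if the function aborts early. A smaller point: the `.` in `.*/X.tar` on the "Browsing tarfile" assertion is unescaped, unlike `tar\.vim` on the line above it.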
diff --git a/src/version.c b/src/version.c
index a9967e2bb..0adf730af 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =

static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 2135,
/**/
2134,
/**/