patch 9.2.0089: netrw: does not take port into account in hostname validation
Commit: https://github.com/vim/vim/commit/a6198523fb28a50d96945458792cdb4787d3cdda Author: Miguel Barro <[email protected]> Date: Sun Mar 1 19:32:29 2026 +0000 patch 9.2.0089: netrw: does not take port into account in hostname validation Problem: netrw: does not take port into account in hostname validation (after v9.2.0073) Solution: Update hostname validation check and test for an optional port number (Miguel Barro) closes: #19533 Signed-off-by: Miguel Barro <[email protected]> Signed-off-by: Christian Brabandt <[email protected]> diff --git a/runtime/pack/dist/opt/netrw/autoload/netrw.vim b/runtime/pack/dist/opt/netrw/autoload/netrw.vim index 25ca4e8a1..e31b34cb8 100644 --- a/runtime/pack/dist/opt/netrw/autoload/netrw.vim +++ b/runtime/pack/dist/opt/netrw/autoload/netrw.vim @@ -21,6 +21,7 @@ " 2026 Feb 15 by Vim Project fix global variable initialization for MS-Windows #19287 " 2026 Feb 21 by Vim Project better absolute path detection on MS-Windows #19477 " 2026 Feb 27 by Vim Project Make the hostname validation more strict +" 2026 Mar 01 by Vim Project include portnumber in hostname checking #19533 " Copyright: Copyright (C) 2016 Charles E. Campbell {{{1 " Permission is hereby granted to use and distribute this code, " with or without modifications, provided that this copyright @@ -2592,7 +2593,8 @@ endfunction " s:NetrwValidateHostname: Validate that the hostname is valid {{{2 " Input: -" hostname, may include an optional username, e.g. user@hostname +" hostname, may include an optional username and port number, e.g. +" user@hostname:port " allow a alphanumeric hostname or an IPv(4/6) address " Output: " true if g:netrw_machine is valid according to RFC1123 #Section 2 @@ -2601,17 +2603,19 @@ function s:NetrwValidateHostname(hostname) let user_pat = '\%([a-zA-Z0-9._-]\+@\)\?' " Hostname: 1-64 chars, alphanumeric/dots/hyphens. " No underscores. No leading/trailing dots/hyphens. - let host_pat = '[a-zA-Z0-9]\%([-a-zA-Z0-9.]{,62}[a-zA-Z0-9]\)\?$' + let host_pat = '[a-zA-Z0-9]\%([-a-zA-Z0-9.]\{0,62}[a-zA-Z0-9]\)\?' + " Port: 16 bit unsigned integer + let port_pat = '\%(:\d\{1,5\}\)\?$' " IPv4: 1-3 digits separated by dots - let ipv4_pat = '\%(\d\{1,3}\.\)\{3\}\d\{1,3\}$' + let ipv4_pat = '\%(\d\{1,3}\.\)\{3\}\d\{1,3\}' " IPv6: Hex, colons, and optional brackets - let ipv6_pat = '\[\?\%([a-fA-F0-9:]\{2,}\)\+\]\?$' + let ipv6_pat = '\[\?\%([a-fA-F0-9:]\{2,}\)\+\]\?' - return a:hostname =~? '^'.user_pat.host_pat || - \ a:hostname =~? '^'.user_pat.ipv4_pat || - \ a:hostname =~? '^'.user_pat.ipv6_pat + return a:hostname =~? '^'.user_pat.host_pat.port_pat || + \ a:hostname =~? '^'.user_pat.ipv4_pat.port_pat || + \ a:hostname =~? '^'.user_pat.ipv6_pat.port_pat endfunction " NetUserPass: set username and password for subsequent ftp transfer {{{2 diff --git a/src/testdir/test_plugin_netrw.vim b/src/testdir/test_plugin_netrw.vim index 99dba4b96..a4ab956a0 100644 --- a/src/testdir/test_plugin_netrw.vim +++ b/src/testdir/test_plugin_netrw.vim @@ -133,6 +133,11 @@ function Test_NetrwFile(fname) abort return s:NetrwFile(a:fname) endfunction +" Test hostname validation +function Test_NetrwValidateHostname(hostname) abort + return s:NetrwValidateHostname(a:hostname) +endfunction + " }}} END @@ -564,6 +569,30 @@ func Test_netrw_reject_evil_hostname() let msg = execute(':e scp://x;touch RCE;x/dir/') let msg = split(msg, " ")[-1] call assert_match('Rejecting invalid hostname', msg) -endfunction +endfunc + +func Test_netrw_hostname() + let valid_hostnames = [ + \ 'localhost', + \ '127.0.0.1', + \ '::1', + \ '0:0:0:0:0:0:0:1', + \ 'user@localhost', + \ '[email protected]', + \ 'utilisateur@::1', + \ 'benutzer@0:0:0:0:0:0:0:1', + \ 'localhost:22', + \ '127.0.0.1:80', + \ '[::1]:443', + \ '[0:0:0:0:0:0:0:1]:5432', + \ 'user@localhost:22', + \ '[email protected]:80', + \ 'utilisateur@[::1]:443', + \ 'benutzer@[0:0:0:0:0:0:0:1]:5432'] + + for hostname in valid_hostnames + call assert_true(Test_NetrwValidateHostname(hostname), $"Valid hostname {hostname} was rejected") + endfor +endfunc " vim:ts=8 sts=2 sw=2 et diff --git a/src/version.c b/src/version.c index 8dde23bf0..670dc27f6 100644 --- a/src/version.c +++ b/src/version.c @@ -734,6 +734,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 89, /**/ 88, /**/ -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/vim_dev/E1vwmit-001rw0-Dd%40256bit.org.
