--- vim-7.1.314.orig/src/if_python.c +++ vim-7.1.314/src/if_python.c @@ -380,6 +380,7 @@ static void PythonIO_Flush(void); static int PythonIO_Init(void); static int PythonMod_Init(void); +static void Python_FixPath(void); /* Utility functions for the vim/python interface * ---------------------------------------------- @@ -517,6 +518,11 @@ if (PythonMod_Init()) goto fail; + /* Remove empty elements from sys.path since that causes the PWD to be + * used for imports, possibly masking system libraries and/or running + * arbitrary code. */ + Python_FixPath(); + /* the first python thread is vim's, release the lock */ Python_SaveThread(); @@ -2360,6 +2366,28 @@ return 0; } + static void +Python_FixPath(void) +{ + PyObject *sys = PyImport_ImportModule("sys"); + PyObject *sysdict = PyModule_GetDict(sys); + PyObject *path = PyDict_GetItemString(sysdict, "path"); + PyObject *newpath = PyList_New(0); + if (newpath != NULL) { + Py_INCREF(newpath); + PyInt n = PyList_Size(path); + PyInt i; + for (i = 0; i < n; i++) { + PyObject *item = PyList_GetItem(path, i); + if (strlen(PyString_AsString(item)) != 0) { + PyList_Append(newpath, PyList_GetItem(path, i)); + } + } + PyDict_SetItemString(sysdict, "path", newpath); + Py_DECREF(newpath); + } +} + /************************************************************************* * 4. Utility functions for handling the interface between Vim and Python. */