updated for version 7.4.009

Problem:    When a file was not decrypted (yet), writing it may destroy the
            contents.
Solution:   Mark the file as readonly until decryption was done. (Christian
            Brabandt)

2 files changed, 9 insertions, 0 deletions

diff --git a/src/fileio.c b/src/fileio.c
index b48a83a3c..010d933a1 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -2926,9 +2926,14 @@ check_for_cryptkey(cryptkey, ptr, sizep, filesizep, newfile, fname, did_ask)
     int		*did_ask;	/* flag: whether already asked for key */
 {
     int method = crypt_method_from_magic((char *)ptr, *sizep);
+    int b_p_ro = curbuf->b_p_ro;
 
     if (method >= 0)
     {
+	/* Mark the buffer as read-only until the decryption has taken place.
+	 * Avoids accidentally overwriting the file with garbage. */
+	curbuf->b_p_ro = TRUE;
+
 	set_crypt_method(curbuf, method);
 	if (method > 0)
 	    (void)blowfish_self_test();
@@ -2977,6 +2982,8 @@ check_for_cryptkey(cryptkey, ptr, sizep, filesizep, newfile, fname, did_ask)
 	    *sizep -= CRYPT_MAGIC_LEN + salt_len + seed_len;
 	    mch_memmove(ptr, ptr + CRYPT_MAGIC_LEN + salt_len + seed_len,
 							      (size_t)*sizep);
+	    /* Restore the read-only flag. */
+	    curbuf->b_p_ro = b_p_ro;
 	}
     }
     /* When starting to edit a new file which does not have encryption, clear
diff --git a/src/version.c b/src/version.c
index 22fc9b961..9b5343e9d 100644
--- a/src/version.c
+++ b/src/version.c
@@ -728,6 +728,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    9,
+/**/
     8,
 /**/
     7,