Commit | Line | Data |
---|---|---|
0fd0bb56 LF |
1 | This patch prevents a code execution vector involving terminal escape |
2 | sequences when rxvt-unicode is in "secure mode". | |
3 | ||
4 | This change was spurred by the following conversation on the | |
5 | oss-security mailing list: | |
6 | ||
7 | Problem description and proof of concept: | |
8 | http://seclists.org/oss-sec/2017/q2/190 | |
9 | ||
10 | Upstream response: | |
11 | http://seclists.org/oss-sec/2017/q2/291 | |
12 | ||
13 | Patch copied from upstream source repository: | |
14 | http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583 | |
15 | ||
16 | --- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582 | |
17 | +++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583 | |
18 | @@ -2695,7 +2695,7 @@ | |
19 | /* kidnapped escape sequence: Should be 8.3.48 */ | |
20 | case C1_ESA: /* ESC G */ | |
21 | // used by original rxvt for rob nations own graphics mode | |
22 | - if (cmd_getc () == 'Q') | |
23 | + if (cmd_getc () == 'Q' && option (Opt_insecure)) | |
24 | tt_printf ("\033G0\012"); /* query graphics - no graphics */ | |
25 | break; | |
26 | ||
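Review bot: The operand order in `if (cmd_getc () == 'Q' && option (Opt_insecure))` is load-bearing and has no comment saying so. `cmd_getc ()` has to run first so the byte after ESC G is consumed in both modes; if the operands were swapped, that byte would stay in the input stream in secure mode and be processed as ordinary data. I would add a comment above the test, for example `// always consume the query byte; the reply ends in \012 and is written back to the pty, so only answer when insecure mode is enabled`. With `Opt_insecure` set the reply is sent unchanged, so the vector described in the patch header presumably remains for users who enable that option, and the description could say so. The `case` belongs to a switch that starts and ends outside this hunk, so other query replies in the same function are not visible here and may merit the same gate.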
27 | @@ -2914,7 +2914,7 @@ | |
28 | break; | |
29 | ||
30 | case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */ | |
31 | - case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ | |
32 | + case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ | |
33 | #ifdef ISO6429 | |
34 | arg[0] = -arg[0]; | |
35 | #else /* emulate common DEC VTs */ |