HCoop / jackhill / guix / guix.git / blame
| Commit | Line | Data |
|---|---|---|
| 0fd0bb56 LF |
1 | This patch prevents a code execution vector involving terminal escape |
| 2 | sequences when rxvt-unicode is in "secure mode". | |
| 3 | ||
| 4 | This change was spurred by the following conversation on the | |
| 5 | oss-security mailing list: | |
| 6 | ||
| 7 | Problem description and proof of concept: | |
| 8 | http://seclists.org/oss-sec/2017/q2/190 | |
| 9 | ||
| 10 | Upstream response: | |
| 11 | http://seclists.org/oss-sec/2017/q2/291 | |
| 12 | ||
| 13 | Patch copied from upstream source repository: | |
| 14 | http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583 | |
| 15 | ||
| 16 | --- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582 | |
| 17 | +++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583 | |
| 18 | @@ -2695,7 +2695,7 @@ | |
| 19 | /* kidnapped escape sequence: Should be 8.3.48 */ | |
| 20 | case C1_ESA: /* ESC G */ | |
| 21 | // used by original rxvt for rob nations own graphics mode | |
| 22 | - if (cmd_getc () == 'Q') | |
| 23 | + if (cmd_getc () == 'Q' && option (Opt_insecure)) | |
| 24 | tt_printf ("\033G0\012"); /* query graphics - no graphics */ | |
| 25 | break; | |
| 26 | ||
| 27 | @@ -2914,7 +2914,7 @@ | |
| 28 | break; | |
| 29 | ||
| 30 | case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */ | |
| 31 | - case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ | |
| 32 | + case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ | |
| 33 | #ifdef ISO6429 | |
| 34 | arg[0] = -arg[0]; | |
| 35 | #else /* emulate common DEC VTs */ |