mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-29 07:42:23 -05:00
36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
|
This patch prevents a code execution vector involving terminal escape
|
||
|
sequences when rxvt-unicode is in "secure mode".
|
||
|
|
||
|
This change was spurred by the following conversation on the
|
||
|
oss-security mailing list:
|
||
|
|
||
|
Problem description and proof of concept:
|
||
|
http://seclists.org/oss-sec/2017/q2/190
|
||
|
|
||
|
Upstream response:
|
||
|
http://seclists.org/oss-sec/2017/q2/291
|
||
|
|
||
|
Patch copied from upstream source repository:
|
||
|
http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
|
||
|
|
||
|
--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
|
||
|
+++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
|
||
|
@@ -2695,7 +2695,7 @@
|
||
|
/* kidnapped escape sequence: Should be 8.3.48 */
|
||
|
case C1_ESA: /* ESC G */
|
||
|
// used by original rxvt for rob nations own graphics mode
|
||
|
- if (cmd_getc () == 'Q')
|
||
|
+ if (cmd_getc () == 'Q' && option (Opt_insecure))
|
||
|
tt_printf ("\033G0\012"); /* query graphics - no graphics */
|
||
|
break;
|
||
|
|
||
|
@@ -2914,7 +2914,7 @@
|
||
|
break;
|
||
|
|
||
|
case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
|
||
|
- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
|
||
|
+ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
|
||
|
#ifdef ISO6429
|
||
|
arg[0] = -arg[0];
|
||
|
#else /* emulate common DEC VTs */
|