diff options
author | Kees Cook <kees@ubuntu.com> | 2010-07-12 21:31:32 +0200 |
---|---|---|
committer | Christian Persch <chpe@gnome.org> | 2010-07-12 21:43:15 +0200 |
commit | 03079121ee5d324af271b9675eae2eb54dd25f4b (patch) | |
tree | f3e85108d5261aafdd6fb3094971882c0c40e698 | |
parent | b8e1a5d9cc583c3a6d31b5594a4c7ce15ea73f5c (diff) | |
download | vte-0-20.tar.gz |
Fix terminal title reportingvte-0-20
Fixed CVE-2003-0070 again.
See also http://marc.info/?l=bugtraq&m=104612710031920&w=2 .
(cherry picked from commit 6042c75b5a6daa0e499e61c8e07242d890d38ff1)
-rw-r--r-- | src/vteseq.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/src/vteseq.c b/src/vteseq.c index 072b19a0..7b850ec5 100644 --- a/src/vteseq.c +++ b/src/vteseq.c @@ -3341,21 +3341,29 @@ vte_sequence_handler_window_manipulation (VteTerminal *terminal, GValueArray *pa vte_terminal_feed_child(terminal, buf, -1); break; case 20: - /* Report the icon title. */ + /* Report a static icon title, since the real + icon title should NEVER be reported, as it + creates a security vulnerability. See + http://marc.info/?l=bugtraq&m=104612710031920&w=2 + and CVE-2003-0070. */ _vte_debug_print(VTE_DEBUG_PARSE, - "Reporting icon title.\n"); + "Reporting fake icon title.\n"); + /* never use terminal->icon_title here! */ g_snprintf (buf, sizeof (buf), - _VTE_CAP_OSC "L%s" _VTE_CAP_ST, - terminal->icon_title); + _VTE_CAP_OSC "LTerminal" _VTE_CAP_ST); vte_terminal_feed_child(terminal, buf, -1); break; case 21: - /* Report the window title. */ + /* Report a static window title, since the real + window title should NEVER be reported, as it + creates a security vulnerability. See + http://marc.info/?l=bugtraq&m=104612710031920&w=2 + and CVE-2003-0070. */ _vte_debug_print(VTE_DEBUG_PARSE, - "Reporting window title.\n"); + "Reporting fake window title.\n"); + /* never use terminal->window_title here! */ g_snprintf (buf, sizeof (buf), - _VTE_CAP_OSC "l%s" _VTE_CAP_ST, - terminal->window_title); + _VTE_CAP_OSC "lTerminal" _VTE_CAP_ST); vte_terminal_feed_child(terminal, buf, -1); break; default: |