[vte/vte-0-20] Fix terminal title reporting

From: Christian Persch <chpe src gnome org>
To: commits-list gnome org
Cc:
Subject: [vte/vte-0-20] Fix terminal title reporting
Date: Thu, 15 Jul 2010 17:08:41 +0000 (UTC)

commit 03079121ee5d324af271b9675eae2eb54dd25f4b
Author: Kees Cook <kees ubuntu com>
Date:   Mon Jul 12 21:31:32 2010 +0200

    Fix terminal title reporting
    
    Fixed CVE-2003-0070 again.
    See also http://marc.info/?l=bugtraq&m=104612710031920&w=2 .
    (cherry picked from commit 6042c75b5a6daa0e499e61c8e07242d890d38ff1)

 src/vteseq.c |   24 ++++++++++++++++--------
 1 files changed, 16 insertions(+), 8 deletions(-)
---
diff --git a/src/vteseq.c b/src/vteseq.c
index 072b19a..7b850ec 100644
--- a/src/vteseq.c
+++ b/src/vteseq.c
@@ -3341,21 +3341,29 @@ vte_sequence_handler_window_manipulation (VteTerminal *terminal, GValueArray *pa
 			vte_terminal_feed_child(terminal, buf, -1);
 			break;
 		case 20:
-			/* Report the icon title. */
+			/* Report a static icon title, since the real
+			   icon title should NEVER be reported, as it
+			   creates a security vulnerability.  See
+			   http://marc.info/?l=bugtraq&m=104612710031920&w=2
+			   and CVE-2003-0070. */
 			_vte_debug_print(VTE_DEBUG_PARSE,
-				"Reporting icon title.\n");
+				"Reporting fake icon title.\n");
+			/* never use terminal->icon_title here! */
 			g_snprintf (buf, sizeof (buf),
-				    _VTE_CAP_OSC "L%s" _VTE_CAP_ST,
-				    terminal->icon_title);
+				    _VTE_CAP_OSC "LTerminal" _VTE_CAP_ST);
 			vte_terminal_feed_child(terminal, buf, -1);
 			break;
 		case 21:
-			/* Report the window title. */
+			/* Report a static window title, since the real
+			   window title should NEVER be reported, as it
+			   creates a security vulnerability.  See
+			   http://marc.info/?l=bugtraq&m=104612710031920&w=2
+			   and CVE-2003-0070. */
 			_vte_debug_print(VTE_DEBUG_PARSE,
-					"Reporting window title.\n");
+					"Reporting fake window title.\n");
+			/* never use terminal->window_title here! */
 			g_snprintf (buf, sizeof (buf),
-				    _VTE_CAP_OSC "l%s" _VTE_CAP_ST,
-				    terminal->window_title);
+				    _VTE_CAP_OSC "lTerminal" _VTE_CAP_ST);
 			vte_terminal_feed_child(terminal, buf, -1);
 			break;
 		default:

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]