gryf/gryf-overlay
1
0
Fork 0
mirror of https://github.com/gryf/gryf-overlay.git synced 2026-03-29 17:23:36 +02:00
Code Issues Projects Releases Wiki Activity

Added mitigation for https://seclists.org/oss-sec/2021/q2/145 in urxvt

Browse Source
This commit is contained in:
gryf
2021-05-17 21:28:46 +02:00
parent 5b43a77432
commit 9ed4f26d88
3 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
x11-terms/rxvt-unicode/files/rxvt-unicode-9.22-disable-graphics-query.patch Normal file
View File

@@ -0,0 +1,23 @@
diff -ur rxvt-unicode-9.22-orig/src/command.C rxvt-unicode-9.22/src/command.C
--- rxvt-unicode-9.22-orig/src/command.C 2016-01-18 20:35:08.000000000 +0100
+++ rxvt-unicode-9.22/src/command.C 2021-05-17 21:22:29.068263084 +0200
@@ -2722,12 +2722,13 @@
}
break;
- /* kidnapped escape sequence: Should be 8.3.48 */
- case C1_ESA: /* ESC G */
- // used by original rxvt for rob nations own graphics mode
- if (cmd_getc () == 'Q')
- tt_printf ("\033G0\012"); /* query graphics - no graphics */
- break;
+// disabled because embedded newlines can make exploits easier
+// /* kidnapped escape sequence: Should be 8.3.48 */
+// case C1_ESA: /* ESC G */
+// // used by original rxvt for rob nations own graphics mode
+// if (cmd_getc () == 'Q')
+// tt_printf ("\033G0\012"); /* query graphics - no graphics */
+// break;
/* 8.3.63: CHARACTER TABULATION SET */
case C1_HTS: /* ESC H */