File vte-CVE-2010-2713.patch of Package vte

Overview Repositories Revisions Requests Users Attributes Meta

File vte-CVE-2010-2713.patch of Package vte

Description: re-fix CVE-2003-0070, window title reporting.  Vulnerability
 was re-introduced by upstream commit:
 http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74
Author: Kees Cook <kees@ubuntu.com>

Index: vte-0.24.1/src/vteseq.c
===================================================================
--- vte-0.24.1.orig/src/vteseq.c	2010-07-08 12:32:52.123733715 -0700
+++ vte-0.24.1/src/vteseq.c	2010-07-08 12:36:58.246424871 -0700
@@ -3183,21 +3183,29 @@
 			vte_terminal_feed_child(terminal, buf, -1);
 			break;
 		case 20:
-			/* Report the icon title. */
+			/* Report a static icon title, since the real
+			   icon title should NEVER be reported, as it
+			   creates a security vulnerability.  See
+			   http://marc.info/?l=bugtraq&m=104612710031920&w=2
+			   and CVE-2003-0070. */
 			_vte_debug_print(VTE_DEBUG_PARSE,
-				"Reporting icon title.\n");
+				"Reporting fake icon title.\n");
+			/* never use terminal->icon_title here! */
 			g_snprintf (buf, sizeof (buf),
-				    _VTE_CAP_OSC "L%s" _VTE_CAP_ST,
-				    terminal->icon_title);
+				    _VTE_CAP_OSC "LTerminal" _VTE_CAP_ST);
 			vte_terminal_feed_child(terminal, buf, -1);
 			break;
 		case 21:
-			/* Report the window title. */
+			/* Report a static window title, since the real
+			   window title should NEVER be reported, as it
+			   creates a security vulnerability.  See
+			   http://marc.info/?l=bugtraq&m=104612710031920&w=2
+			   and CVE-2003-0070. */
 			_vte_debug_print(VTE_DEBUG_PARSE,
-					"Reporting window title.\n");
+					"Reporting fake window title.\n");
+			/* never use terminal->window_title here! */
 			g_snprintf (buf, sizeof (buf),
-				    _VTE_CAP_OSC "l%s" _VTE_CAP_ST,
-				    terminal->window_title);
+				    _VTE_CAP_OSC "lTerminal" _VTE_CAP_ST);
 			vte_terminal_feed_child(terminal, buf, -1);
 			break;
 		default:

Places

File vte-CVE-2010-2713.patch of Package vte

Places