Do not echo invalid DECRQSS queries back, behavior inherited from xte…

…rm (CVE-2008-2383) Reported by David Leadbeater.
kovidgoyal · Jul 5, 2023 · 60a7a53 · 60a7a53
1 parent 2fec9b3
commit 60a7a53
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/docs/changelog.rst b/docs/changelog.rst
@@ -87,6 +87,8 @@ Detailed list of changes
 
 - macOS: Fix window shadows not being drawn for transparent windows (:iss:`2827`, :pull:`6416`)
 
+- Do not echo invalid DECRQSS queries back, behavior inherited from xterm (CVE-2008-2383)
+
 0.28.1 [2023-04-21]
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

diff --git a/kitty/screen.c b/kitty/screen.c
@@ -2192,7 +2192,7 @@ screen_request_capabilities(Screen *self, char c, PyObject *q) {
             } else if (strcmp("r", query) == 0) {
                 shape = snprintf(buf, sizeof(buf), "1$r%u;%ur", self->margin_top + 1, self->margin_bottom + 1);
             } else {
-                shape = snprintf(buf, sizeof(buf), "0$r%s", query);
+                shape = snprintf(buf, sizeof(buf), "0$r");
             }
             if (shape > 0) write_escape_code_to_child(self, DCS, buf);
             break;