From 60a7a53ccdac88dc728ac4f9e9295d64990e868c Mon Sep 17 00:00:00 2001 From: Kovid Goyal Date: Wed, 5 Jul 2023 09:48:02 +0530 Subject: [PATCH] Do not echo invalid DECRQSS queries back, behavior inherited from xterm (CVE-2008-2383) Reported by David Leadbeater. --- docs/changelog.rst | 2 ++ kitty/screen.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/changelog.rst b/docs/changelog.rst index ce76e315dbe..6394adb9097 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -87,6 +87,8 @@ Detailed list of changes - macOS: Fix window shadows not being drawn for transparent windows (:iss:`2827`, :pull:`6416`) +- Do not echo invalid DECRQSS queries back, behavior inherited from xterm (CVE-2008-2383) + 0.28.1 [2023-04-21] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/kitty/screen.c b/kitty/screen.c index 57a2c06339c..f6e829ea499 100644 --- a/kitty/screen.c +++ b/kitty/screen.c @@ -2192,7 +2192,7 @@ screen_request_capabilities(Screen *self, char c, PyObject *q) { } else if (strcmp("r", query) == 0) { shape = snprintf(buf, sizeof(buf), "1$r%u;%ur", self->margin_top + 1, self->margin_bottom + 1); } else { - shape = snprintf(buf, sizeof(buf), "0$r%s", query); + shape = snprintf(buf, sizeof(buf), "0$r"); } if (shape > 0) write_escape_code_to_child(self, DCS, buf); break;