This bug was fixed in the package vte2.91 - 0.72.2-1

---------------
vte2.91 (0.72.2-1) experimental; urgency=medium

  * New upstream release
    - Includes fix for an infinite loop processing OSC 104.
      A malicious program accessed via ssh, telnet or similar protocols could
      use this as a denial of service.
      (Closes: #1037919, LP: #2022019; vte#2631 upstream)

 -- Jeremy Bícha <[email protected]>  Wed, 14 Jun 2023 16:54:36 -0400

** Changed in: vte2.91 (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to vte2.91 in Ubuntu.
https://bugs.launchpad.net/bugs/2022019

Title:
  Control sequence '\e]104;x\a' hangs in libvte

Status in vte2.91 package in Ubuntu:
  Fix Released

Bug description:
  The command:
  $ printf '\e]104;x\a'
  will cause either gnome-terminal or xfce4-terminal to enter an infinite loop
  inside libvte-2.91.so.0.

  I believe the problem is in src/vteseq.cc in the Terminal::reset_color
  function:

          while (token != endtoken) {
                  int value;
                  if (!token.number(value))
                          continue;

                  int index;
                  if (get_osc_color_index(osc, value, index) &&
                      index != -1) {
                          reset_color(index, VTE_COLOR_SOURCE_ESCAPE);
                  }

                  ++token;
          }

  When token doesn't point to a valid number, then "continue" bypasses
  the ++token line and will just re-parse the same token over again.

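Added example (not VTE's code and not the upstream patch): a stand-alone model of the loop shape quoted in the bug description, next to a variant that advances the token on every path. split_params, parse_number, both reset_colors_* functions and the max_steps watchdog are hypothetical names introduced for this illustration.

```cpp
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

// Constructed stand-in for the OSC parameter tokenizer: splits on ';'.
static std::vector<std::string> split_params(const std::string& s) {
    std::vector<std::string> out;
    std::istringstream in(s);
    for (std::string tok; std::getline(in, tok, ';');) out.push_back(tok);
    return out;
}

// Hypothetical stand-in for token.number(value): accepts 1-3 decimal digits.
static bool parse_number(const std::string& tok, int& value) {
    if (tok.empty() || tok.size() > 3) return false;
    value = 0;
    for (char c : tok) {
        if (c < '0' || c > '9') return false;
        value = value * 10 + (c - '0');
    }
    return true;
}

// Loop shape from the report; max_steps is an added watchdog (returns -1 when tripped).
static int reset_colors_reported(const std::string& params, int max_steps) {
    auto toks = split_params(params);
    auto token = toks.begin(), endtoken = toks.end();
    int resets = 0, steps = 0, value;
    while (token != endtoken) {
        if (++steps > max_steps) return -1;          // no forward progress
        if (!parse_number(*token, value)) continue;  // skips ++token
        ++resets;
        ++token;
    }
    return resets;
}

// Same work with the advance in the for-header, so every path moves forward.
static int reset_colors_advancing(const std::string& params) {
    auto toks = split_params(params);
    int resets = 0, value;
    for (auto token = toks.begin(); token != toks.end(); ++token)
        if (parse_number(*token, value)) ++resets;
    return resets;
}

int main() {
    std::printf("%d %d\n", reset_colors_reported("x", 1000), reset_colors_advancing("1;x;2"));
}
```

With the non-numeric parameter "x" the reported loop shape only stops because of the watchdog, while the advancing variant skips the bad token and still processes the valid ones around it.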