billiob pushed a commit to branch master.

http://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5

commit b80bedc7c21ecffe99d8d142930db696eebdd6a5
Author: Boris Faure <bill...@gmail.com>
Date:   Mon Aug 17 23:13:10 2015 +0200

    do not report unsanitized input. See CVE-2003-0063
---
 src/bin/termptyesc.c | 24 ++++++------------------
 1 file changed, 6 insertions(+), 18 deletions(-)

diff --git a/src/bin/termptyesc.c b/src/bin/termptyesc.c
index 19b7a24..55856cf 100644
--- a/src/bin/termptyesc.c
+++ b/src/bin/termptyesc.c
@@ -1303,12 +1303,8 @@ _handle_esc_xterm(Termpty *ty, const Eina_Unicode *c, 
Eina_Unicode *ce)
           goto err;
         if (*p == '?')
           {
-             TERMPTY_WRITE_STR("\033]0;");
-             if (ty->prop.title)
-               {
-                  TERMPTY_WRITE_STR(ty->prop.title);
-               }
-             TERMPTY_WRITE_STR("\007");
+             /* returns empty string. See CVE-2003-0063 */
+             TERMPTY_WRITE_STR("\033]0;Terminology\007");
           }
         else
           {
@@ -1336,12 +1332,8 @@ _handle_esc_xterm(Termpty *ty, const Eina_Unicode *c, 
Eina_Unicode *ce)
           goto err;
         if (*p == '?')
           {
-             TERMPTY_WRITE_STR("\033]0;");
-             if (ty->prop.icon)
-               {
-                  TERMPTY_WRITE_STR(ty->prop.icon);
-               }
-             TERMPTY_WRITE_STR("\007");
+             /* returns empty string. See CVE-2003-0063 */
+             TERMPTY_WRITE_STR("\033]1;Terminology\007");
           }
         else
           {
@@ -1365,12 +1357,8 @@ _handle_esc_xterm(Termpty *ty, const Eina_Unicode *c, 
Eina_Unicode *ce)
           goto err;
         if (*p == '?')
           {
-             TERMPTY_WRITE_STR("\033]0;");
-             if (ty->prop.title)
-               {
-                  TERMPTY_WRITE_STR(ty->prop.title);
-               }
-             TERMPTY_WRITE_STR("\007");
+             /* returns empty string. See CVE-2003-0063 */
+             TERMPTY_WRITE_STR("\033]2;Terminology\007");
           }
         else
           {

-- 


Reply via email to