mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-02 12:02:47 -05:00

Sanitise control characters from paste data by default.

This is a mild security measure against malicious clipboard-writing.
It's only mild, because of course there are situations in which even a
sanitised paste could be successfully malicious (imagine someone
managing to write the traditional 'rm -rf' command into your clipboard
when you were going to paste to a shell prompt); but it at least
allows pasting into typical text editors without also allowing the
control sequence that exits the editor UI and returns to the shell
prompt.

This is a configurable option, because there's no well defined line to
be drawn between acceptable and unacceptable pastes, and it's very
plausible that users will have sensible use cases for pasting things
outside the list of permitted characters, or cases in which they know
they trust the clipboard-writer. I for one certainly find it useful on
occasion to deliberately construct a paste containing control
sequences that automate a terminal-based UI.

While I'm at it, when bracketed paste mode is enabled, we also prevent
pasting of data that includes the 'end bracketed paste' sequence
somewhere in the middle. I really _hope_ nobody was treating bracketed
paste mode as a key part of their security boundary, but then again, I
also can't imagine that anyone had an actually sensible use case for
deliberately making a bracketed paste be only partly bracketed, and
it's an easy change while I'm messing about in this area anyway.
This commit is contained in:
Simon Tatham
2018-03-11 17:40:42 +00:00
parent 28520e41ac
commit 10c9104822
4 changed files with 63 additions and 16 deletions
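
An added example (not PuTTY's code and not part of this commit) of the two measures the commit message describes: dropping control characters from paste data, and removing the 'end bracketed paste' sequence when bracketed paste mode is on. The function name, the allow-list (printable bytes plus tab, CR and LF) and the choice to delete the marker rather than refuse the paste are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* xterm's 'end bracketed paste' marker: ESC [ 2 0 1 ~ */
static const char END_PASTE[] = "\033[201~";
#define END_PASTE_LEN (sizeof(END_PASTE) - 1)

/* Assumed allow-list: tab, CR, LF and every byte >= 0x20 except DEL. */
static int is_permitted(unsigned char c)
{
    if (c == '\t' || c == '\r' || c == '\n')
        return 1;
    return c >= 0x20 && c != 0x7F;
}

/* Copy paste data from in[0..len) to out, which must hold len bytes.
 * permit_controls: nonzero leaves control characters in place.
 * bracketed: nonzero removes every END_PASTE marker, including one that
 * would only form after an earlier marker has been cut out.
 * Returns the number of bytes written to out. */
size_t sanitise_paste(const char *in, size_t len, char *out,
                      int permit_controls, int bracketed)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (!permit_controls && !is_permitted((unsigned char)in[i]))
            continue;
        out[n++] = in[i];
        /* Test the output tail, not the input, so pieces cannot rejoin. */
        if (bracketed && n >= END_PASTE_LEN &&
            memcmp(out + n - END_PASTE_LEN, END_PASTE, END_PASTE_LEN) == 0)
            n -= END_PASTE_LEN;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: a marker nested inside the halves of another. */
    static const char paste[] = "\033[20\033[201~1~echo hi\n";
    char out[sizeof(paste)];
    size_t n = sanitise_paste(paste, sizeof(paste) - 1, out, 1, 1);
    printf("%zu bytes kept: %.*s", n, (int)n, out);
    return 0;
}
```

With controls permitted, only the bracketed-paste check stands between the pasted data and the end marker, which is why the check runs on the output buffer rather than on the raw input.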


@ -673,6 +673,7 @@ void save_open_settings(void *sesskey, Conf *conf)
write_setting_i(sesskey, "PasteRTF", conf_get_int(conf, CONF_rtf_paste));
write_setting_i(sesskey, "MouseIsXterm", conf_get_int(conf, CONF_mouse_is_xterm));
write_setting_i(sesskey, "RectSelect", conf_get_int(conf, CONF_rect_select));
write_setting_i(sesskey, "PasteControls", conf_get_int(conf, CONF_paste_controls));
write_setting_i(sesskey, "MouseOverride", conf_get_int(conf, CONF_mouse_override));
for (i = 0; i < 256; i += 32) {
char buf[20], buf2[256];
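
Review bot: The "PasteControls" line in save_open_settings gives no hint of its polarity: nothing here says whether a stored 1 means "sanitise control characters" or "permit them". The commit message describes sanitising as the default, so a one-line comment next to the write_setting_i call stating that nonzero permits control characters in pastes would stop a later reader from inverting it, and the user-facing documentation for the option should state the same thing.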
@ -1088,6 +1089,7 @@ void load_open_settings(void *sesskey, Conf *conf)
gppi(sesskey, "PasteRTF", 0, conf, CONF_rtf_paste);
gppi(sesskey, "MouseIsXterm", 0, conf, CONF_mouse_is_xterm);
gppi(sesskey, "RectSelect", 0, conf, CONF_rect_select);
gppi(sesskey, "PasteControls", 0, conf, CONF_paste_controls);
gppi(sesskey, "MouseOverride", 1, conf, CONF_mouse_override);
for (i = 0; i < 256; i += 32) {
static const char *const defaults[] = {
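
Review bot: In load_open_settings, gppi(sesskey, "PasteControls", 0, conf, CONF_paste_controls) means every session saved before this change, which has no such key, loads as 0 and so gets sanitised pastes. That is the safe direction and matches the commit message, but it silently changes behaviour for users who paste control sequences on purpose (a use the commit message itself mentions), so the default and the way to switch it back should be called out in the documentation or release notes. A brief comment on this line explaining why the default is 0 would also help, since the neighbouring MouseOverride entry defaults to 1.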