nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-02 03:52:49 -05:00
Code Issues Projects Releases Wiki Activity

Patch inspired by one from Daniel Silverstone in Debian bug #229232:

Browse Source 
We now have an option where a remote window title query returns a well-formed
response containing the empty string. This should keep stop any server-side
application that was expecting a response from hanging, while not permitting
the response to be influenced by an attacker.

We also retain the ability to stay schtum. The existing checkbox has thus
grown into a set of radio buttons.

I've changed the default to the "empty string" response, even in the backward-
compatibility mode of loading old settings, which is a change in behaviour;
any users who want the old behaviour back will have to explicitly select it. I
think this is probably the Right Thing. (The only drawback I can think of is
that an attacker could still potentially use the relevant fixed strings for
mischief, but we already have other, similar reports.)

[originally from svn r7043]
This commit is contained in:
Jacob Nevins
2006-12-31 15:33:33 +00:00
parent cd94e3bc3c
commit 4ae926fa8a
5 changed files with 60 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
terminal.c
View File

@ -65,6 +65,8 @@
#define has_compat(x) ( ((CL_##x)&term->compatibility_level) != 0 )
char *EMPTY_WINDOW_TITLE = "";
const char sco2ansicolour[] = { 0, 4, 2, 6, 1, 5, 3, 7 };
#define sel_nl_sz (sizeof(sel_nl)/sizeof(wchar_t))
@ -3791,8 +3793,11 @@ static void term_out(Terminal *term)
break;
case 20:
if (term->ldisc &&
!term->cfg.no_remote_qtitle) {
p = get_window_title(term->frontend, TRUE);
term->cfg.remote_qtitle_action != TITLE_NONE) {
if(term->cfg.remote_qtitle_action == TITLE_REAL)
p = get_window_title(term->frontend, TRUE);
else
p = EMPTY_WINDOW_TITLE;
len = strlen(p);
ldisc_send(term->ldisc, "\033]L", 3, 0);
ldisc_send(term->ldisc, p, len, 0);
@ -3801,8 +3806,11 @@ static void term_out(Terminal *term)
break;
case 21:
if (term->ldisc &&
!term->cfg.no_remote_qtitle) {
p = get_window_title(term->frontend,FALSE);
term->cfg.remote_qtitle_action != TITLE_NONE) {
if(term->cfg.remote_qtitle_action == TITLE_REAL)
p = get_window_title(term->frontend, FALSE);
else
p = EMPTY_WINDOW_TITLE;
len = strlen(p);
ldisc_send(term->ldisc, "\033]l", 3, 0);
ldisc_send(term->ldisc, p, len, 0);