Annotation of /trunk/rxvt/patches/rxvt-2.7.10-CVE-2008-1142.patch
Parent Directory | Revision Log
Revision 634 -
(hide annotations)
(download)
Sun Jun 1 11:09:29 2008 UTC (16 years, 3 months ago) by niro
File size: 1850 byte(s)
Sun Jun 1 11:09:29 2008 UTC (16 years, 3 months ago) by niro
File size: 1850 byte(s)
-patches for rxvt-2.7.10-r1
1 | niro | 634 | # CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.) |
2 | # Based on http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=41;filename=diff;att=1;bug=469296 | ||
3 | # bug 217819 | ||
4 | |||
5 | diff -Naur rxvt-2.7.10.orig/rclock/rclock.c rxvt-2.7.10/rclock/rclock.c | ||
6 | --- rxvt-2.7.10.orig/rclock/rclock.c 2008-05-03 14:23:07.264082222 +0200 | ||
7 | +++ rxvt-2.7.10/rclock/rclock.c 2008-05-03 14:24:55.433082735 +0200 | ||
8 | @@ -324,9 +324,6 @@ | ||
9 | CheckMaildir(); | ||
10 | #endif | ||
11 | |||
12 | - if ((display_name = getenv ("DISPLAY")) == NULL) | ||
13 | - display_name = ":0"; | ||
14 | - | ||
15 | /* parse the command line */ | ||
16 | for (i = 1; i < argc; i += 2) | ||
17 | { | ||
18 | @@ -424,7 +421,9 @@ | ||
19 | Xdisplay = XOpenDisplay (display_name); | ||
20 | if (!Xdisplay) | ||
21 | { | ||
22 | - print_error ("can't open display %s", display_name); | ||
23 | + print_error ("can't open display %s", display_name?display_name: | ||
24 | + getenv("DISPLAY")?getenv("DISPLAY"): | ||
25 | + "as no -d given and DISPLAY not set"); | ||
26 | goto Abort; | ||
27 | } | ||
28 | |||
29 | diff -Naur rxvt-2.7.10.orig/src/init.c rxvt-2.7.10/src/init.c | ||
30 | --- rxvt-2.7.10.orig/src/init.c 2008-05-03 14:23:07.247082766 +0200 | ||
31 | +++ rxvt-2.7.10/src/init.c 2008-05-03 14:43:44.705227631 +0200 | ||
32 | @@ -532,8 +532,7 @@ | ||
33 | /* | ||
34 | * Open display, get options/resources and create the window | ||
35 | */ | ||
36 | - if ((rs[Rs_display_name] = getenv("DISPLAY")) == NULL) | ||
37 | - rs[Rs_display_name] = ":0"; | ||
38 | + rs[Rs_display_name] = getenv("DISPLAY"); | ||
39 | |||
40 | rxvt_get_options(r, r_argc, r_argv); | ||
41 | free(r_argv); | ||
42 | @@ -550,7 +549,9 @@ | ||
43 | |||
44 | if (r->Xdisplay == NULL | ||
45 | && (r->Xdisplay = XOpenDisplay(rs[Rs_display_name])) == NULL) { | ||
46 | - rxvt_print_error("can't open display %s", rs[Rs_display_name]); | ||
47 | + rxvt_print_error("can't open display %s", | ||
48 | + rs[Rs_display_name]?rs[Rs_display_name]: | ||
49 | + "as no -display option given and DISPLAY not set"); | ||
50 | exit(EXIT_FAILURE); | ||
51 | } | ||
52 |