Contents of /trunk/rxvt/patches/rxvt-2.7.10-CVE-2008-1142.patch
Parent Directory | Revision Log
Revision 634 -
(show annotations)
(download)
Sun Jun 1 11:09:29 2008 UTC (16 years, 4 months ago) by niro
File size: 1850 byte(s)
Sun Jun 1 11:09:29 2008 UTC (16 years, 4 months ago) by niro
File size: 1850 byte(s)
-patches for rxvt-2.7.10-r1
1 | # CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.) |
2 | # Based on http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=41;filename=diff;att=1;bug=469296 |
3 | # bug 217819 |
4 | |
5 | diff -Naur rxvt-2.7.10.orig/rclock/rclock.c rxvt-2.7.10/rclock/rclock.c |
6 | --- rxvt-2.7.10.orig/rclock/rclock.c 2008-05-03 14:23:07.264082222 +0200 |
7 | +++ rxvt-2.7.10/rclock/rclock.c 2008-05-03 14:24:55.433082735 +0200 |
8 | @@ -324,9 +324,6 @@ |
9 | CheckMaildir(); |
10 | #endif |
11 | |
12 | - if ((display_name = getenv ("DISPLAY")) == NULL) |
13 | - display_name = ":0"; |
14 | - |
15 | /* parse the command line */ |
16 | for (i = 1; i < argc; i += 2) |
17 | { |
18 | @@ -424,7 +421,9 @@ |
19 | Xdisplay = XOpenDisplay (display_name); |
20 | if (!Xdisplay) |
21 | { |
22 | - print_error ("can't open display %s", display_name); |
23 | + print_error ("can't open display %s", display_name?display_name: |
24 | + getenv("DISPLAY")?getenv("DISPLAY"): |
25 | + "as no -d given and DISPLAY not set"); |
26 | goto Abort; |
27 | } |
28 | |
29 | diff -Naur rxvt-2.7.10.orig/src/init.c rxvt-2.7.10/src/init.c |
30 | --- rxvt-2.7.10.orig/src/init.c 2008-05-03 14:23:07.247082766 +0200 |
31 | +++ rxvt-2.7.10/src/init.c 2008-05-03 14:43:44.705227631 +0200 |
32 | @@ -532,8 +532,7 @@ |
33 | /* |
34 | * Open display, get options/resources and create the window |
35 | */ |
36 | - if ((rs[Rs_display_name] = getenv("DISPLAY")) == NULL) |
37 | - rs[Rs_display_name] = ":0"; |
38 | + rs[Rs_display_name] = getenv("DISPLAY"); |
39 | |
40 | rxvt_get_options(r, r_argc, r_argv); |
41 | free(r_argv); |
42 | @@ -550,7 +549,9 @@ |
43 | |
44 | if (r->Xdisplay == NULL |
45 | && (r->Xdisplay = XOpenDisplay(rs[Rs_display_name])) == NULL) { |
46 | - rxvt_print_error("can't open display %s", rs[Rs_display_name]); |
47 | + rxvt_print_error("can't open display %s", |
48 | + rs[Rs_display_name]?rs[Rs_display_name]: |
49 | + "as no -display option given and DISPLAY not set"); |
50 | exit(EXIT_FAILURE); |
51 | } |
52 |