Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
xterm
xterm-CVE-2023-40359.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xterm-CVE-2023-40359.patch of Package xterm
From 41ba5cf31da5e43477811b28009d64d3f643fd29 Mon Sep 17 00:00:00 2001 From: "Thomas E. Dickey" <dickey@invisible-island.net> Date: Wed, 8 Mar 2023 01:06:03 +0000 Subject: [PATCH] snapshot of project "xterm", label xterm-379c --- MANIFEST | 2 +- charclass.c | 4 +- charproc.c | 44 +++++---- graphics_regis.c | 235 ++++++++++++++++++++++++++--------------------- xterm.log.html | 14 ++- 5 files changed, 171 insertions(+), 128 deletions(-) Index: xterm-330/graphics_regis.c =================================================================== --- xterm-330.orig/graphics_regis.c +++ xterm-330/graphics_regis.c @@ -146,6 +146,14 @@ typedef struct RegisTextControls { int slant; /* for italic/oblique */ } RegisTextControls; +#define S_QUOTE '\'' +#define D_QUOTE '"' + +#define isQuote(ch) ((ch) == S_QUOTE || (ch) == D_QUOTE) +#define PickQuote(ch) ((ch) == S_QUOTE ? D_QUOTE : S_QUOTE) + +#define isName(c) ((c) == '_' || isalnum(CharOf(c))) + #define FixedCopy(dst, src, len) strncpy(dst, src, len - 1)[len - 1] = '\0' #define CopyFontname(dst, src) FixedCopy(dst, src, REGIS_FONTNAME_LEN) @@ -2956,6 +2964,37 @@ extract_regis_command(RegisDataFragment return 1; } +/* + * Check a ReGIS alphabet name before reporting it, to pick an appropriate + * delimiter. If the string is empty, or contains nonreportable characters, + * just return NUL. + */ +static int +pick_quote(const char *value) +{ + Bool s_quote = False; + Bool d_quote = False; + + if (*value != '\0') { + while (*value != '\0') { + int ch = CharOf(*value++); + if (ch == D_QUOTE) + d_quote = True; + else if (ch == S_QUOTE) + s_quote = True; + else if (!isName(ch)) + s_quote = d_quote = True; + } + } else { + s_quote = d_quote = True; + } + return ((s_quote && d_quote) + ? 0 + : (s_quote + ? D_QUOTE + : S_QUOTE)); +} + static int extract_regis_string(RegisDataFragment *input, char *out, unsigned maxlen) { @@ -2971,7 +3010,7 @@ extract_regis_string(RegisDataFragment * return 0; ch = peek_fragment(input); - if (ch != '\'' && ch != '"') + if (!isQuote(ch)) return 0; open_quote_ch = ch; outlen = 0U; @@ -3051,7 +3090,7 @@ extract_regis_parenthesized_data(RegisDa for (; input->pos < input->len; input->pos++, output->len++) { char prev_ch = ch; ch = input->start[input->pos]; - if (ch == '\'' || ch == '"') { + if (isQuote(ch)) { if (open_quote_ch == '\0') { open_quote_ch = ch; } else { @@ -3119,7 +3158,7 @@ extract_regis_option(RegisDataFragment * if (ch == ';' || ch == ',' || ch == '(' || ch == ')' || ch == '[' || ch == ']' || - ch == '"' || ch == '\'' || + isQuote(ch) || isdigit(CharOf(ch))) { return 0; } @@ -3135,7 +3174,7 @@ extract_regis_option(RegisDataFragment * TRACE(("looking at char '%c' in option '%c'\n", ch, *option)); /* FIXME: any special rules for commas? */ /* FIXME: handle escaped quotes */ - if (ch == '\'' || ch == '"') { + if (isQuote(ch)) { if (open_quote_ch == ch) { open_quote_ch = '\0'; } else { @@ -4821,6 +4860,7 @@ parse_regis_command(RegisParseState *sta static int parse_regis_option(RegisParseState *state, RegisGraphicsContext *context) { + XtermWidget xw = context->display_graphic->xw; RegisDataFragment optionarg; if (!extract_regis_option(&state->input, &state->option, &optionarg)) @@ -5399,13 +5439,18 @@ parse_regis_option(RegisParseState *stat state->option, fragment_to_tempstr(&optionarg))); break; } { - char reply[64]; + unsigned err_code = 0U; + unsigned err_char = 0U; TRACE(("got report last error condition\n")); /* FIXME: implement after adding error tracking */ - sprintf(reply, "\"%u,%u\"\r", 0U, 0U); - unparseputs(context->display_graphic->xw, reply); - unparse_end(context->display_graphic->xw); + unparseputc(xw, D_QUOTE); + unparseputn(xw, err_code); + unparseputc(xw, ','); + unparseputn(xw, err_char); + unparseputc(xw, D_QUOTE); + unparseputc(xw, '\r'); + unparse_end(xw); } break; case 'I': @@ -5452,8 +5497,8 @@ parse_regis_option(RegisParseState *stat /* FIXME: implement arrow key movement */ /* FIXME: implement button/key collection */ - unparseputs(context->display_graphic->xw, "\r"); - unparse_end(context->display_graphic->xw); + unparseputc(xw, '\r'); + unparse_end(xw); skip_regis_whitespace(&optionarg); if (!fragment_consumed(&optionarg)) { @@ -5470,25 +5515,22 @@ parse_regis_option(RegisParseState *stat if (!fragment_consumed(&optionarg)) { TRACE(("DATA_ERROR: unexpected arguments to ReGIS report command option '%c' arg \"%s\"\n", state->option, fragment_to_tempstr(&optionarg))); - break; - } { - char buffer[32]; - - if (state->load_index == MAX_REGIS_ALPHABETS) { - /* If this happens something went wrong elsewhere. */ - TRACE(("DATA_ERROR: unable to report current load alphabet\n")); - unparseputs(context->display_graphic->xw, "A0\"\"\r"); - unparse_end(context->display_graphic->xw); - break; + } else if (state->load_index == MAX_REGIS_ALPHABETS) { + /* If this happens something went wrong elsewhere. */ + TRACE(("DATA_ERROR: unable to report current load alphabet\n")); + unparseputs(xw, "A0\"\"\r"); + unparse_end(xw); + } else { + int delim = pick_quote(state->load_name); + if (delim != '\0') { + unparseputs(xw, "A"); + unparseputn(xw, state->load_alphabet); + unparseputc(xw, delim); + unparseputs(xw, state->load_name); + unparseputc(xw, delim); } - - unparseputs(context->display_graphic->xw, "A"); - sprintf(buffer, "%u", state->load_alphabet); - unparseputs(context->display_graphic->xw, buffer); - unparseputs(context->display_graphic->xw, "\""); - unparseputs(context->display_graphic->xw, state->load_name); - unparseputs(context->display_graphic->xw, "\"\r"); - unparse_end(context->display_graphic->xw); + unparseputc(xw, '\r'); + unparse_end(xw); } break; case 'M': @@ -5530,27 +5572,31 @@ parse_regis_option(RegisParseState *stat } if (name == '=') { - char reply[64]; + unsigned max_available = 1000U; + unsigned cur_available = max_available; TRACE(("got report macrograph storage request\n")); /* FIXME: Implement when macrographs are supported. */ - sprintf(reply, "\"%u,%u\"\r", 1000U, 1000U); - unparseputs(context->display_graphic->xw, reply); - unparse_end(context->display_graphic->xw); + unparseputc(xw, D_QUOTE); + unparseputn(xw, cur_available); + unparseputc(xw, ','); + unparseputn(xw, max_available); + unparseputc(xw, D_QUOTE); + unparseputc(xw, '\r'); + unparse_end(xw); } else if (name < 'A' || name > 'Z') { TRACE(("DATA_ERROR: invalid macrograph name: \"%c\"\n", name)); /* FIXME: what should happen? */ break; } else { - char temp[8]; - TRACE(("got report macrograph request for name '%c'\n", name)); - sprintf(temp, "@=%c", name); - unparseputs(context->display_graphic->xw, temp); + unparseputs(xw, "@="); + unparseputc(xw, name); /* FIXME: Allow this to be disabled for security reasons. */ /* FIXME: implement when macrographs are supported. */ - unparseputs(context->display_graphic->xw, "@;\r"); - unparse_end(context->display_graphic->xw); + unparseputs(xw, "@;"); + unparseputc(xw, '\r'); + unparse_end(xw); } } break; @@ -5598,75 +5644,60 @@ parse_regis_option(RegisParseState *stat TRACE(("got report cursor position (output=%d)\n", output)); /* FIXME: look into supporting ANSI locator reports (DECLRP) */ + unparseputc(xw, L_BLOK); if (output == 1) { - char reply[64]; + /* FIXME: verify in absolute, not user, coordinates */ + unparseputn(xw, (unsigned) context->graphics_output_cursor_x); + unparseputc(xw, ','); + unparseputn(xw, (unsigned) context->graphics_output_cursor_y); + } else if (context->multi_input_mode) { + /* FIXME: track input coordinates */ + unsigned x = 0, y = 0; /* placeholders */ + /* send CSI240~[x,y]\r with current input cursor location */ + + /* FIXME: verify no leading char or button sequence */ + /* FIXME: should we ever send an eight-bit CSI? */ /* FIXME: verify in absolute, not user, coordinates */ - sprintf(reply, "[%d,%d]\r", - context->graphics_output_cursor_x, - context->graphics_output_cursor_y); - unparseputs(context->display_graphic->xw, reply); - unparse_end(context->display_graphic->xw); + TRACE(("sending multi-mode input report at %u,%u\n", x, y)); + unparseputn(xw, x); + unparseputc(xw, ','); + unparseputn(xw, y); } else { - char reply[64]; - int x, y; + char ch = ' '; /* placeholder */ + unsigned x = 0, y = 0; /* placeholders */ - if (context->multi_input_mode) { - /* FIXME: track input coordinates */ - x = y = 0; /* placeholders */ - - /* send CSI240~[x,y]\r with current input cursor location */ - - /* FIXME: verify no leading char or button sequence */ - /* FIXME: should we ever send an eight-bit CSI? */ - /* FIXME: verify in absolute, not user, coordinates */ - TRACE(("sending multi-mode input report at %d,%d\n", - x, y)); - sprintf(reply, "[%d,%d]\r", x, y); - unparseputs(context->display_graphic->xw, reply); - unparse_end(context->display_graphic->xw); - break; - } else { - char ch; + /* FIXME: wait for first non-arrow keypress or mouse click, and don't update graphics while waiting */ + /* send <key or button>[x,y]\r to report input cursor location */ - /* FIXME: wait for first non-arrow keypress or mouse click, and don't update graphics while waiting */ - ch = ' '; /* placeholder */ - x = y = 0; /* placeholders */ - - /* send <key or button>[x,y]\r to report input cursor location */ - - /* null button: CSI240~ */ - /* left button: CSI241~ */ - /* middle button: CSI243~ */ - /* right button: CSI245~ */ - /* extra button: CSI247~ */ - /* FIXME: support DECLBD to change button assignments */ - /* FIXME: verify no leading char or button sequence */ - TRACE(("sending one-shot input report with %c at %d,%d\n", - ch, x, y)); - if (ch == '\r') { - /* Return only reports the location. */ - sprintf(reply, "[%d,%d]\r", x, y); - } else if (ch == '\177') { - /* DEL exits locator mode reporting nothing. */ - sprintf(reply, "\r"); - } else { - sprintf(reply, "%c[%d,%d]\r", ch, x, y); - } - unparseputs(context->display_graphic->xw, reply); - unparse_end(context->display_graphic->xw); - /* FIXME: exit one-shot mode and disable input cursor */ - break; - } - } + /* null button: CSI240~ */ + /* left button: CSI241~ */ + /* middle button: CSI243~ */ + /* right button: CSI245~ */ + /* extra button: CSI247~ */ + /* FIXME: support DECLBD to change button assignments */ + /* FIXME: verify no leading char or button sequence */ + TRACE(("sending one-shot input report with %c at %u,%u\n", + ch, x, y)); + if (ch != '\177') { + unparseputn(xw, x); + unparseputc(xw, ','); + unparseputn(xw, y); + } + /* FIXME: exit one-shot mode and disable input cursor */ + } + unparseputc(xw, R_BLOK); + unparseputc(xw, '\r'); + unparse_end(xw); } break; default: TRACE(("DATA_ERROR: sending empty report for unknown ReGIS report command option '%c' arg \"%s\"\n", state->option, fragment_to_tempstr(&optionarg))); /* Unknown report request types must receive empty reports. */ - unparseputs(context->display_graphic->xw, "\r"); - unparse_end(context->display_graphic->xw); + unparseputs(xw, "\r"); + unparse_end(xw); + break; } break; @@ -5964,7 +5995,7 @@ parse_regis_option(RegisParseState *stat TRACE(("using display page number: %d\n", page)); context->display_page = (unsigned) page; - map_regis_graphics_pages(context->display_graphic->xw, context); + map_regis_graphics_pages(xw, context); } break; case 'T':
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
