       config.def.h: add an option allowwindowops, by default off (secure) - st - simple terminal
       ---
   DIR commit a2a704492b9f4d2408d180f7aeeacf4c789a1d67
   DIR parent 0f8b40652bca0670f1f0bda069bbc55f8b5e364d
  HTML Author: Hiltjo Posthuma <hiltjo@codemadness.org>
       Date:   Sat, 30 May 2020 21:56:18 +0200
       
       config.def.h: add an option allowwindowops, by default off (secure)
       
       Similar to the xterm AllowWindowOps option, this is an option to allow or
       disallow certain (non-interactive) operations that can be insecure or
       exploited.
       
        NOTE: xsettitle() is not guarded by this because st does not support reporting
        (printing) the window title back to the application. Otherwise this would be
        exploitable (arbitrary command execution). Similar problems have been found in
        the past in other terminal emulators.
       
       The sequence for base64-encoded clipboard copy is now guarded because it allows
       a sequence written to the terminal to manipulate the clipboard of the running
       user non-interactively, for example:
       
       printf '\x1b]52;0;ZWNobyBoaQ0=\a'
       
       Diffstat:
         M config.def.h                        |       4 ++++
         M st.c                                |       2 +-
         M st.h                                |       1 +
       
       3 files changed, 6 insertions(+), 1 deletion(-)
       ---
   DIR diff --git a/config.def.h b/config.def.h
       @@ -43,6 +43,10 @@ static unsigned int tripleclicktimeout = 600;
        /* alt screens */
        int allowaltscreen = 1;
        
       +/* allow certain non-interactive (insecure) window operations such as:
       +   setting the clipboard text */
       +int allowwindowops = 0;
       +
        /*
         * draw latency range in ms - from new content/keypress/etc until drawing.
         * within this range, st draws when content stops arriving (idle). mostly it's
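Review bot: The new comment on `allowwindowops` names what the option gates but not why it defaults to 0, which is what a user about to set it to 1 needs to know; the only sequence guarded by it in this commit is the OSC 52 clipboard write, which any program able to write to the terminal (including a `cat` of a crafted file) can emit with no user interaction. Suggest `/* allow certain non-interactive (insecure) window operations such as: setting the clipboard text via OSC 52. Off by default: when on, anything writing to the terminal can replace the user's selection with e.g. a command to be pasted later. */`. The option name mirrors xterm's AllowWindowOps, so a reader may expect it to cover title setting too; the commit message explains why it does not, and a short pointer to that in the comment would avoid the surprise.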
   DIR diff --git a/st.c b/st.c
       @@ -1861,7 +1861,7 @@ strhandle(void)
                                        xsettitle(strescseq.args[1]);
                                return;
                        case 52:
       -                        if (narg > 2) {
       +                        if (narg > 2 && allowwindowops) {
                                        dec = base64dec(strescseq.args[2]);
                                        if (dec) {
                                                xsetsel(dec);
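Review bot: The guard `if (narg > 2 && allowwindowops)` silently drops a disallowed OSC 52 and gives the next reader of strhandle() no hint why one case checks a config flag, so a one-line comment at the condition would carry the rationale: `/* OSC 52 clipboard write: only with allowwindowops, since any program writing to the terminal could set the selection */`. Only the write direction is visible in this hunk; the readback form of OSC 52 (a `?` payload), which would let a program exfiltrate the user's clipboard, is the more dangerous direction and must sit under the same guard if st implements it or later gains it — I cannot tell from this hunk whether it does. strhandle() begins and ends outside the hunk.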
   DIR diff --git a/st.h b/st.h
       @@ -118,6 +118,7 @@ extern char *stty_args;
        extern char *vtiden;
        extern wchar_t *worddelimiters;
        extern int allowaltscreen;
       +extern int allowwindowops;
        extern char *termname;
        extern unsigned int tabspaces;
        extern unsigned int defaultfg;