simon-svn: putty: jacob

tartarus-commits at lists.tartarus.org
Sun Dec 31 15:33:33 GMT 2006


SVN root:       svn://ixion.tartarus.org/main
Changes by:     jacob
Revision:       7043
Date:           2006-12-31 15:33:33 +0000 (Sun, 31 Dec 2006)

Log message (16 lines):
Patch inspired by one from Daniel Silverstone in Debian bug #229232:

We now have an option where a remote window title query returns a well-formed
response containing the empty string. This should stop any server-side
application that was expecting a response from hanging, while not permitting
the response to be influenced by an attacker.

We also retain the ability to stay schtum. The existing checkbox has thus
grown into a set of radio buttons.

I've changed the default to the "empty string" response, even in the backward-
compatibility mode of loading old settings, which is a change in behaviour;
any users who want the old behaviour back will have to explicitly select it. I
think this is probably the Right Thing. (The only drawback I can think of is
that an attacker could still potentially use the relevant fixed strings for
mischief, but we already have other, similar reports.)

Modified files:
U   putty/config.c
U   putty/doc/config.but
U   putty/putty.h
U   putty/settings.c
U   putty/terminal.c

Links:
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi?rev=7043&view=rev
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/config.c?rev=7043&r1=7042&r2=7043
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/doc/config.but?rev=7043&r1=7042&r2=7043
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/putty.h?rev=7043&r1=7042&r2=7043
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/settings.c?rev=7043&r1=7042&r2=7043
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/terminal.c?rev=7043&r1=7042&r2=7043
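
The three behaviours described in the log message, sketched as an added example (not PuTTY's own code from this revision). It assumes the xterm-style title report, where the query is CSI 21 t and the reply is OSC l <title> ST; the enum and function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for the three policies the log message describes. */
enum title_query_policy {
    TITLE_QUERY_NONE,   /* stay silent: send nothing back */
    TITLE_QUERY_EMPTY,  /* well-formed reply carrying an empty title */
    TITLE_QUERY_REAL    /* old behaviour: echo the current window title */
};

/*
 * Build the reply to a "report window title" query.
 * Reply format (xterm convention): ESC ] l <title> ESC \
 * Returns the number of bytes written to out; 0 means send nothing
 * (policy NONE, or the reply would not fit in out).
 */
size_t build_title_reply(enum title_query_policy policy,
                         const char *current_title,
                         char *out, size_t outsz)
{
    static const char prefix[] = "\033]l";
    static const char suffix[] = "\033\\";
    size_t plen = sizeof prefix - 1, slen = sizeof suffix - 1, tlen;
    const char *title;

    if (policy == TITLE_QUERY_NONE)
        return 0;
    /* Only the REAL policy lets the (remotely settable) title reach the reply. */
    title = (policy == TITLE_QUERY_REAL && current_title) ? current_title : "";
    tlen = strlen(title);
    if (tlen > outsz || plen + slen > outsz - tlen)
        return 0;
    memcpy(out, prefix, plen);
    memcpy(out + plen, title, tlen);
    memcpy(out + plen + tlen, suffix, slen);
    return plen + tlen + slen;
}

int main(void)
{
    char buf[64];
    /* Constructed sample title standing in for one set by remote output. */
    size_t n = build_title_reply(TITLE_QUERY_EMPTY, "constructed title", buf, sizeof buf);
    printf("empty-string policy sends %zu fixed bytes\n", n);
    return 0;
}
```

Under the empty-string policy the reply is the same five bytes whatever title is currently set, so a waiting application still gets its answer while the title text never enters the input stream.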


