simon-svn: putty: jacob
tartarus-commits at lists.tartarus.org
tartarus-commits at lists.tartarus.org
Sun Dec 31 15:33:33 GMT 2006
SVN root: svn://ixion.tartarus.org/main
Changes by: jacob
Revision: 7043
Date: 2006-12-31 15:33:33 +0000 (Sun, 31 Dec 2006)
Log message (16 lines):
Patch inspired by one from Daniel Silverstone in Debian bug #229232:
We now have an option where a remote window title query returns a well-formed
response containing the empty string. This should keep stop any server-side
application that was expecting a response from hanging, while not permitting
the response to be influenced by an attacker.
We also retain the ability to stay schtum. The existing checkbox has thus
grown into a set of radio buttons.
I've changed the default to the "empty string" response, even in the backward-
compatibility mode of loading old settings, which is a change in behaviour;
any users who want the old behaviour back will have to explicitly select it. I
think this is probably the Right Thing. (The only drawback I can think of is
that an attacker could still potentially use the relevant fixed strings for
mischief, but we already have other, similar reports.)
Modified files:
U putty/config.c
U putty/doc/config.but
U putty/putty.h
U putty/settings.c
U putty/terminal.c
Links:
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi?rev=7043&view=rev
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/config.c?rev=7043&r1=7042&r2=7043
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/doc/config.but?rev=7043&r1=7042&r2=7043
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/putty.h?rev=7043&r1=7042&r2=7043
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/settings.c?rev=7043&r1=7042&r2=7043
http://www.tartarus.org/~simon-anonsvn/viewcvs.cgi/putty/terminal.c?rev=7043&r1=7042&r2=7043
More information about the tartarus-commits
mailing list