simon-git: putty (master): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Sun Mar 11 19:10:59 GMT 2018 

TL;DR:
  10c9104 Sanitise control characters from paste data by default.
  b2b8f6c Rename the 'Words' config panel to 'Copy'.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2018-03-11 19:10:59

commit 10c910482277cd34119ab1dd0365556513516033
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=10c910482277cd34119ab1dd0365556513516033;hp=28520e41acb802400508ee09d57bfefb4b32d18e
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Mar 11 17:40:42 2018 +0000

    Sanitise control characters from paste data by default.
    
    This is a mild security measure against malicious clipboard-writing.
    It's only mild, because of course there are situations in which even a
    sanitised paste could be successfully malicious (imagine someone
    managing to write the traditional 'rm -rf' command into your clipboard
    when you were going to paste to a shell prompt); but it at least
    allows pasting into typical text editors without also allowing the
    control sequence that exits the editor UI and returns to the shell
    prompt.
    
    This is a configurable option, because there's no well defined line to
    be drawn between acceptable and unacceptable pastes, and it's very
    plausible that users will have sensible use cases for pasting things
    outside the list of permitted characters, or cases in which they know
    they trust the clipboard-writer. I for one certainly find it useful on
    occasion to deliberately construct a paste containing control
    sequences that automate a terminal-based UI.
    
    While I'm at it, when bracketed paste mode is enabled, we also prevent
    pasting of data that includes the 'end bracketed paste' sequence
    somewhere in the middle. I really _hope_ nobody was treating bracketed
    paste mode as a key part of their security boundary, but then again, I
    also can't imagine that anyone had an actually sensible use case for
    deliberately making a bracketed paste be only partly bracketed, and
    it's an easy change while I'm messing about in this area anyway.

 config.c   |  6 ++++++
 putty.h    |  1 +
 settings.c |  2 ++
 terminal.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++---------------
 4 files changed, 64 insertions(+), 17 deletions(-)

commit b2b8f6c3d4dc46caa0ef1109ebd7c1e9905f37b9
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=b2b8f6c3d4dc46caa0ef1109ebd7c1e9905f37b9;hp=10c910482277cd34119ab1dd0365556513516033
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Mar 11 18:57:13 2018 +0000

    Rename the 'Words' config panel to 'Copy'.
    
    Now its remit is widened to include not just the character-classes
    list box, but also anything else related specifically to _copying_
    rather than _pasting_, i.e. the terminal -> clipboard direction.
    
    This allows me to move the Windows-specific 'write RTF to clipboard'
    option into the newly named Copy panel, which gets it _out_ of the
    main Selection panel which had just overflowed due to the new option
    added by the previous commit.
    
    (It looks a little asymmetric that there's no corresponding Paste
    panel now! But since it would currently contain a single checkbox,
    I'll wait until there's more to put in it...)

 config.c         | 10 +++++-----
 windows/wincfg.c |  6 +++---
 2 files changed, 8 insertions(+), 8 deletions(-)

More information about the tartarus-commits mailing list