osc: kitty notifications: ignore invalid IDs

Notification IDs must only use characters from [a-zA-Z0-9_-+.] Terminals **must** sanitize ids received from client programs before sending them back in responses, to mitigate input injection based attacks. That is, they must either reject ids containing characters not from the above set, or remove bad characters when reading ids sent to them. Foot implements the first: reject IDs containing characters not from the above set.
2026-02-08 10:06:22 -05:00 · 2024-08-03 11:05:58 +02:00 · 2024-08-03 11:05:58 +02:00 · 6b72108ee2
commit 6b72108ee2
parent 62b0b65d47
1 changed files with 33 additions and 3 deletions
--- a/osc.c
+++ b/osc.c
@ -564,6 +564,33 @@ osc_notify(struct terminal *term, char *string)
    });
 }

+IGNORE_WARNING("-Wpedantic")
+static bool
+verify_kitty_id_is_valid(const char *id)
+{
+    const size_t len = strlen(id);
+
+    for (size_t i = 0; i < len; i++) {
+        switch (id[i]) {
+        case 'a' ... 'z':
+        case 'A' ... 'Z':
+        case '0' ... '9':
+        case '_':
+        case '-':
+        case '+':
+        case '.':
+            break;
+
+        default:
+            return false;
+        }
+    }
+
+    return true;
+}
+UNIGNORE_WARNINGS
+
+
 static void
 kitty_notification(struct terminal *term, char *string)
 {
@ -672,8 +699,11 @@ kitty_notification(struct terminal *term, char *string)

        case 'i':
            /* id */
-            free(id);
-            id = xstrdup(value);
+            if (verify_kitty_id_is_valid(value)) {
+                free(id);
+                id = xstrdup(value);
+            } else
+                LOG_WARN("OSC-99: ignoring invalid 'i' identifier");
            break;

        case 'p':
@ -963,7 +993,7 @@ kitty_notification(struct terminal *term, char *string)
                tll_push_back(notif->actions, xstrdup(button));
            }
        }
-        
+
        break;
    }
    }