From 6b72108ee220dd64a3ff5a43a6c84d99078da62e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?=
Date: Sat, 3 Aug 2024 11:05:58 +0200
Subject: [PATCH] osc: kitty notifications: ignore invalid IDs

Notification IDs must only use characters from [a-zA-Z0-9_-+.] Terminals **must** sanitize ids received from client programs before sending them back in responses, to mitigate input injection based attacks. That is, they must either reject ids containing characters not from the above set, or remove bad characters when reading ids sent to them. Foot implements the first: reject IDs containing characters not from the above set.
---
 osc.c | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/osc.c b/osc.c
index eb5e9718..3ae8a051 100644
--- a/osc.c
+++ b/osc.c
@@ -564,6 +564,33 @@ osc_notify(struct terminal *term, char *string)
 });
 }
 
+IGNORE_WARNING("-Wpedantic")
+static bool
+verify_kitty_id_is_valid(const char *id)
+{
+ const size_t len = strlen(id);
+
+ for (size_t i = 0; i < len; i++) {
+ switch (id[i]) {
+ case 'a' ... 'z':
+ case 'A' ... 'Z':
+ case '0' ... '9':
+ case '_':
+ case '-':
+ case '+':
+ case '.':
+ break;
+
+ default:
+ return false;
+ }
+ }
+
+ return true;
+}
+UNIGNORE_WARNINGS
+
+
 static void
 kitty_notification(struct terminal *term, char *string)
 {
@@ -672,8 +699,11 @@ kitty_notification(struct terminal *term, char *string)
 
 case 'i':
 /* id */
- free(id);
- id = xstrdup(value);
+ if (verify_kitty_id_is_valid(value)) {
+ free(id);
+ id = xstrdup(value);
+ } else
+ LOG_WARN("OSC-99: ignoring invalid 'i' identifier");
 break;
 
 case 'p':
@@ -963,7 +993,7 @@ kitty_notification(struct terminal *term, char *string)
 tll_push_back(notif->actions, xstrdup(button));
 }
 }
-
+
 break;
 }
 }
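Review bot: `verify_kitty_id_is_valid()` in the first hunk returns true for an empty string, because the loop never runs when `len` is 0. If an empty `i=` value should not count as an id, add `if (len == 0) return false;` before the loop; whether later code treats `""` differently from a missing id is not visible here. The function also carries no comment explaining the restriction, and something like `/* Allow-list from the kitty notification spec: the id is echoed back to the client, so reject anything outside [a-zA-Z0-9_+.-] */` would keep later edits from widening the set. The case ranges are a GNU extension, hence the suppressed pedantic warning; a `strspn()` over an explicit allowed-character string, followed by a check that it stopped at the terminator, would avoid both.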
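Review bot: In the `case 'i':` branch of the second hunk a rejected id only skips that one key, so parsing continues and the notification proceeds with `id` either NULL or still holding an earlier valid `i=` value from the same sequence. If the intent is to drop the whole notification when the id is invalid, this branch has to signal that to the code after the parsing loop, which lies outside the hunk. The `else` arm is also unbraced next to a braced `if`; writing it as `} else {`, `LOG_WARN("OSC-99: ignoring invalid 'i' identifier");`, `}` stays correct even if `LOG_WARN` expands to more than one statement. The warning rightly leaves the rejected value out of the log, since it is client-controlled, and that should stay so.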