34 lines
1.4 KiB
Text
34 lines
1.4 KiB
Text
Date: Sat, 25 Apr 1998 14:24:43 +0200
|
|
From: Michal Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
|
|
To: BUGTRAQ@NETSPACE.ORG
|
|
Subject: pine/pico vt control characters bug
|
|
|
|
Pico, an editor included with pine 3.96 package, handles vt control
|
|
characters (eg. 0x9B) improperly, so it's possible to do almost anything
|
|
when normal text file is viewed with pico. Example? Try viewing file
|
|
containing only two characters: 0x9B and 0x63... That's not all, pico is
|
|
called by pine when you're replying to mail message. Anyone may insert any
|
|
control chars (using quoted-printable encoding) to his signature.
|
|
|
|
Fix (edited for NetBSD's pkg system):
|
|
|
|
--- pico/display.c.orig Fri Jun 19 13:19:53 1998
|
|
+++ pico/display.c Sat Jul 18 23:16:33 1998
|
|
@@ -128,8 +128,7 @@
|
|
VIDEO **vscreen; /* Virtual screen. */
|
|
VIDEO **pscreen; /* Physical screen. */
|
|
|
|
-#define ISCONTROL(C) ((C) < 0x20 || (C) == 0x7F \
|
|
- || ((gmode & P_HICTRL) && ((C) > 0x7F && (C) < 0xA0)))
|
|
+#define ISCONTROL(C) ((C) < 0x20 || (C) == 0x7F || ((C) >= 0x80 && (C) < 0xA0))
|
|
|
|
|
|
/*
|
|
|
|
(should help, at least in above situation)
|
|
|
|
_______________________________________________________________________
|
|
Michal Zalewski [lcamtuf@boss.staszic.waw.pl] <= finger for pub PGP key
|
|
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
|
|
[echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]
|
|
|