Sanitize ssh kitten shm open error message when sending over tty

This prevents sending attacker-controlled data over the tty where it
might end up getting evaled by the shell if the user is doing something
like cat of unsanitized data into the terminal (something that should
never be done).
Kovid Goyal
2026-04-24 17:25:00 +05:30
parent 4a5ab0a05e
commit e414483264

@@ -155,7 +155,9 @@ def get_ssh_data(msgb: memoryview, request_id: str) -> Iterator[bytes|memoryview
raise ValueError(f'Incorrect request id: {rq_id!r} expecting the KITTY_PID-KITTY_WINDOW_ID for the current kitty window')
except Exception as e:
traceback.print_exc()
yield f'{e}\n'.encode()
import re
msg = re.sub(r'[^a-zA-Z0-9 ]+', '_', str(e))
yield f'{msg}\n'.encode()
else:
yield b'OK\n'
encoded_data = memoryview(env_data['tarfile'].encode('ascii'))
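
Review bot: the `import re` sits inside the `except Exception as e:` branch; move it to the module's top-level imports so the error path has no import of its own and the dependency is visible with the others. Two smaller points on `re.sub(r'[^a-zA-Z0-9 ]+', '_', str(e))`: the allowlist also replaces ordinary punctuation, so the `Incorrect request id: ... KITTY_PID-KITTY_WINDOW_ID ...` text from the `ValueError` above reaches the user with `_` in place of the colon, hyphens and quotes. That is safe, but a one-line comment saying the strictness is deliberate (the reply travels over the tty) would stop a later change from loosening it for readability. The length of `msg` is also not bounded in the visible lines, and `str(e)` embeds `rq_id`, so consider truncating before the `yield`.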